HJT log...suspected problems

UN)2EAL · Jan 22, 2006

Alright, I've pretty much spent the majority of my day attempting to clean up my PC (using norton, ad-aware and S&D) in order to fix my internet browser problems.
I'm hoping that in the past i have not accidentally deleted processes that i shouldn't have. all help is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:13 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\T3duZXIA\command.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
C:\WINNT\system32\slserv.exe
C:\progra~1\valve\steam\steam.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GameSpy Arcade\Aphex.exe
C:\HJTlawls\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintball.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINNT\system32\pmnnm.dll (file missing)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\system32\nsd94.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\system32\nsiA6.dll (file missing)
O2 - BHO: (no name) - {66F52D49-BFD8-9F7B-FB14-E92B26EDDEC8} - C:\WINNT\system32\mwahvb.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINNT\system32\qlink32.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINNT\system32\irasoymc.dll (file missing)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O2 - BHO: (no name) - {D84FF78D-354F-11BD-38BE-66F3CB3233C2} - C:\WINNT\system32\nux.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [stb] C:\WINNT\system32\stb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\kdpplk.exe reg_run
O4 - HKLM\..\Run: [seli] C:\WINNT\seli.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gdo2mkqn] C:\WINNT\system32\gdo2mkqn.exe
O4 - HKLM\..\Run: [ZStart] C:\winnt\system32\ovdxregq.exe DO0605
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [002k0uzo.dll] RUNDLL32.EXE 002k0uzo.dll,b 95750
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SysProtect] C:\Program Files\SysProtect\syp.exe /scan
O4 - HKLM\..\Run: [{0A-A8-85-5A-ZN}] C:\winnt\system32\jqdsregl.exe FI002
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\mwinomaw.exe FI002
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_SF7.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zw37Rki2l] sllav.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [Koqiy] C:\WINNT\system32\?ttrib.exe
O4 - HKCU\..\Run: [irassync] C:\WINNT\system32\irasyncd.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O4 - Startup: Zeno.lnk = C:\WINNT\system32\mwinomaw.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\ZIFI002.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: , - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: </RLS> - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: VERSION - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ActivShopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: ActivShopper Toolbar - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/adpepper/grinstall_ap1001_sp2.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127269297209
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} (BHO Class) - http://plugin.secureservicepack.com/secureservicepack.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file)
O20 - AppInit_DLLs: repairs302972988.dll
O20 - Winlogon Notify: ddccd - C:\WINNT\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINNT\system32\pPpnetsh.dll
O20 - Winlogon Notify: pmnnm - pmnnm.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\T3duZXIA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINNT\system32\UAService7.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\tyxgwtd.exe (file missing)

thank you for your time.

MicroBell · Jan 24, 2006

Wow. You got a whole mess of problems here.

Please follow the instructions on this page MicroBellÂ’s 5 Step Process
http://www.techsupportforum.com/hijackthis-log-help/15968-please-read-before-posting-hijackthis.html

Once you complete everything....repost another log and we will get started.

*Note* This will take several steps and logs since your so severly infected.

UN)2EAL · Jan 26, 2006

well i finished up the steps.
here is my new HJT log.
still looks extremely infected.
I have been getting IE popups in mass amounts lately (i use firefox)

Logfile of HijackThis v1.99.1
Scan saved at 6:30:47 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1126729620\ee\AOLServiceHost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\alg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJTlawls\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintball.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\system32\nsd94.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\system32\nsiA6.dll (file missing)
O2 - BHO: (no name) - {66F52D49-BFD8-9F7B-FB14-E92B26EDDEC8} - C:\WINNT\system32\mwahvb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINNT\system32\qlink32.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINNT\system32\irasoymc.dll (file missing)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O2 - BHO: (no name) - {D84FF78D-354F-11BD-38BE-66F3CB3233C2} - C:\WINNT\system32\nux.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [seli] C:\WINNT\seli.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [002k0uzo.dll] RUNDLL32.EXE 002k0uzo.dll,b 95750
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SysProtect] C:\Program Files\SysProtect\syp.exe /scan
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\mwinomaw.exe FI002
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [UninstallCOM] C:\WINNT\System32\PreUninstallCOM.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_SF7.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zw37Rki2l] sllav.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [irassync] C:\WINNT\system32\irasyncd.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O4 - Startup: Zeno.lnk = C:\WINNT\system32\mwinomaw.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: , - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: </RLS> - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: VERSION - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ActivShopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: ActivShopper Toolbar - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/adpepper/grinstall_ap1001_sp2.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127269297209
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} (BHO Class) - http://plugin.secureservicepack.com/secureservicepack.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O20 - Winlogon Notify: ddccd - C:\WINNT\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINNT\system32\UAService7.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\tyxgwtd.exe (file missing)

MicroBell · Jan 26, 2006

Hi and Welcome to TF

Yea..I knew you would still be infected as the autoscanners can't remove some of these...but it did the others. Let's continue. I'm going to break these down in steps as you still have several main infections.

STEP 1
+++++++++++++++++++++++++++++++++++

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Ad-AwareÂ® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan. Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please save the log located at C:\vundofix.txt as I will ask for it later

STEP 2
+++++++++++++++++++++++++++++++++++

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure itÂ’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Download and install Cleanup but DO NOT run it yet!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Go to Start->Run and type Services.msc then hit Ok

Scroll down and find the service called: Windows Overlay Components

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\system32\nsd94.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\system32\ddccd.dll (file missing)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\system32\nsiA6.dll (file missing)
O2 - BHO: (no name) - {66F52D49-BFD8-9F7B-FB14-E92B26EDDEC8} - C:\WINNT\system32\mwahvb.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINNT\system32\qlink32.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINNT\system32\irasoymc.dll (file missing)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O2 - BHO: (no name) - {D84FF78D-354F-11BD-38BE-66F3CB3233C2} - C:\WINNT\system32\nux.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [seli] C:\WINNT\seli.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [002k0uzo.dll] RUNDLL32.EXE 002k0uzo.dll,b 95750
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SysProtect] C:\Program Files\SysProtect\syp.exe /scan
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\system32\mwinomaw.exe FI002
O4 - HKLM\..\RunOnce: [UninstallCOM] C:\WINNT\System32\PreUninstallCOM.exe /s
O4 - HKCU\..\Run: [Zw37Rki2l] sllav.exe
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [irassync] C:\WINNT\system32\irasyncd.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\mwinomaw.exe
O8 - Extra context menu item: , - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: </RLS> - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: VERSION - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: ActivShopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: ActivShopper Toolbar - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.c..._ap1001_sp2.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...b?1127269297209
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} (BHO Class) - http://plugin.secureservicepack.com...servicepack.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O20 - Winlogon Notify: ddccd - C:\WINNT\system32\ddccd.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\tyxgwtd.exe (file missing)

Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for themÂ…make sure you have search hidden files, folders, sub directoryÂ’s ect enabled if it applyÂ’s to your OS)

*Note* Some of these may already be gone but make sure!

C:\WINNT\system32\nsd94.dll
C:\Program Files\DealBar\BarLcher.dll
C:\WINNT\system32\communicator.dll
C:\WINNT\system32\ddccd.dll
C:\WINNT\system32\nsiA6.dll
C:\WINNT\system32\mwahvb.dll
C:\WINNT\system32\qlink32.dll
C:\WINNT\system32\irasoymc.dll
C:\WINNT\DH.dll
C:\WINNT\system32\nux.dll
C:\Program Files\PeDevice\PeDev.dll
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINNT\seli.exe
C:\WINNT\VCMnet11.exe
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\windows\mrjj.exe
C:\Program Files\SysProtect\syp.exe
C:\WINNT\system32\mwinomaw.exe
C:\WINNT\System32\PreUninstallCOM.exe
C:\WINNT\system32\pshwr.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\winCMAPP\wincmapp.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINNT\system32\irasyncd.exe
C:\Program Files\CMSystem\CMSystem.exe
C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
C:\WINNT\tyxgwtd.exe
sllav.exe
002k0uzo.dll
msxct.exe <--locate and delete those 3.

Run Ewido:

Click [Scanner]
Click [Complete System Scan] to begin scanning.
Click [OK] when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
Once finished, click the [Save report] button
Save the report to your desktop

Close Ewido

Run Cleanup again using the same options and reboot back to normal mode when complete.

STEP 3
+++++++++++++++++++++++++++++++++++

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
[*] Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
[*] Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido log, vundofix.txt log, and a new hijackthis log.

UN)2EAL · Jan 28, 2006

HJT LOG::

Logfile of HijackThis v1.99.1
Scan saved at 9:02:23 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1126729620\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJTlawls\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paintball.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\system32\nsd94.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66F52D49-BFD8-9F7B-FB14-E92B26EDDEC8} - C:\WINNT\system32\mwahvb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O2 - BHO: (no name) - {D84FF78D-354F-11BD-38BE-66F3CB3233C2} - C:\WINNT\system32\nux.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [seli] C:\WINNT\seli.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126729620\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [SysProtect] C:\Program Files\SysProtect\syp.exe /scan
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_SF7.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zw37Rki2l] sllav.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: , - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: </RLS> - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: VERSION - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ActivShopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: ActivShopper Toolbar - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/adpepper/grinstall_ap1001_sp2.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127269297209
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O20 - Winlogon Notify: ddccd - C:\WINNT\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINNT\system32\UAService7.exe

EWIDO LOG::

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:54:22 PM, 1/28/2006
+ Report-Checksum: 3B25E060

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.16:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.19:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.20:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.25:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.30:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.45:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.57:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.65:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zm6o4uuo.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYNOPER\WinATS[1].cab/WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OD2FSTU7\cm[1].exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OD2FSTU7\cm[1].exe/is468.exe -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OD2FSTU7\cm[1].exe/mc-110-12-0000179.exe -> Spyware.Maxifiles : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xo6rr59.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xo6rr59.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xo6rr59.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xo6rr59.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads1.revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data3.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Downloader.PurityScan.br : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\99_app99.exe -> Dropper.Agent.xw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\RelatedSetup.exe -> Downloader.Small.bmx : Cleaned with backup
C:\HJTlawls\hijackthis\backups\backup-20060128-174402-154.dll -> Adware.Mirar : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\PCheck.dll -> Adware.Winfixer : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Cleaned with backup
C:\Program Files\MemoryWatcher -> Adware.MemoryWatcher : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP699\A0084474.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP699\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP700\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP700\snapshot\MFEX-3.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP701\A0084540.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP701\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP701\snapshot\MFEX-3.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP702\A0084588.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP702\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP702\snapshot\MFEX-3.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP703\A0084592.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP703\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP703\snapshot\MFEX-3.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP704\A0084636.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP704\A0085334.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP704\A0085338.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP704\snapshot\MFEX-1.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP704\snapshot\MFEX-3.DAT -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP716\A0085747.cpl -> Downloader.Qoologic.ah : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP716\A0085748.dll -> Downloader.Qoologic.ah : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP748\A0089050.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090240.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090261.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090262.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090263.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090269.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090283.exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090283.exe/is468.exe -> Adware.Virtumonde : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090283.exe/mc-110-12-0000179.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090287.exe -> Downloader.PurityScan.ax : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090288.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090350.exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090350.exe/is468.exe -> Adware.Virtumonde : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090350.exe/mc-110-12-0000179.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090352.exe -> Adware.Virtumonde : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090355.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090356.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP756\A0090361.exe -> Downloader.Small.bke : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP762\A0091422.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP764\A0091551.exe -> Downloader.PurityScan.ax : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091603.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091604.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091609.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091611.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091612.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091619.exe -> Downloader.Agent.vp : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091620.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP766\A0091621.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP767\A0091632.exe -> Adware.Virtumonde : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP767\A0091651.dll -> Downloader.ConHook.r : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP768\A0091684.dll -> Downloader.ConHook.r : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP768\A0091685.dll -> Downloader.ConHook.r : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP768\A0091686.dll -> Downloader.ConHook.r : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP776\A0093647.exe -> Downloader.Qoologic.al : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP776\A0093658.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP776\A0093671.dll -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP776\A0093679.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP776\A0093746.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093881.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093884.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093885.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093974.exe -> Trojan.LowZones.am : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093980.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093982.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093983.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093984.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093986.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093987.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093988.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093990.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093991.dll -> Adware.EZula : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093994.exe -> Downloader.Small.bue : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093997.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP777\A0093999.exe -> Logger.Agent.gk : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP778\A0094229.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP778\A0094230.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP778\A0094232.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP778\A0094314.exe -> Downloader.PurityScan.br : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP778\A0094480.exe -> Downloader.VB.hw : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP779\A0094634.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP779\A0094635.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP779\A0094637.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP779\A0094719.exe -> Downloader.PurityScan.br : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP779\A0094885.exe -> Downloader.VB.hw : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP780\A0095048.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP780\A0095095.exe -> Downloader.PurityScan.br : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP780\A0095116.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP781\A0095157.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP781\A0095158.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096305.dll -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096348.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096349.dll -> Adware.Mirar : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096350.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096351.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096353.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096354.exe -> Downloader.Small.asf : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096355.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096356.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096360.exe -> Downloader.PurityScan.br : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096539.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096543.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096544.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP783\A0096545.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP784\A0096714.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP784\A0096715.dll -> Adware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP784\A0096716.exe -> Adware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP784\A0096931.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP784\A0096938.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP785\snapshot\MFEX-2.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP785\snapshot\MFEX-9.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\A0097313.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\A0097319.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\A0097326.dll -> Adware.Mirar : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-2.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-37.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-38.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-39.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-40.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-41.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-42.DAT -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP786\snapshot\MFEX-9.DAT -> Adware.Sud : Cleaned with backup
C:\WINNT\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINNT\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINNT\justin.exe -> Adware.EZula : Cleaned with backup
C:\WINNT\offun.exe -> Downloader.VB.hw : Cleaned with backup
C:\WINNT\system\QBUninstaller.exe -> Downloader.Small.aly : Cleaned with backup
C:\WINNT\system32\3esi279u.dll -> Adware.Saha : Cleaned with backup
C:\WINNT\system32\clusapi4.exe -> Spyware.VB : Cleaned with backup
C:\WINNT\system32\ddayv.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINNT\system32\df_kme.exe -> Adware.Winfixer : Cleaned with backup
C:\WINNT\system32\drivers\WFF.sys -> Adware.Winfixer : Cleaned with backup
C:\WINNT\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\WINNT\system32\ipst32.exe -> Logger.VB.eh : Cleaned with backup
C:\WINNT\system32\jqdsregl.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINNT\system32\whCC-CLICK.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\WINNT\Temp\mit270.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup
C:\WINNT\Temp\mit270.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup
C:\WINNT\Temp\NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup
C:\WINNT\webhdll.dll_tobedeleted -> Spyware.WebHancer : Cleaned with backup
C:\WINNT\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup

::Report End

PANDA LOG::

Incident Status Location

Adware:adware/statblaster Not disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\WildApp.inf
Adware:adware program Not disinfected C:\WINNT\SYSTEM32\data.~
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
Adware:adware/sidesearch Not disinfected C:\WINNT\sepsd.bin
Spyware:application/bestoffer Not disinfected C:\WINNT\smdat32m.sys
Spyware:spyware/betterinet Not disinfected C:\WINNT\INF\biini.inf
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/dollarrevenue Not disinfected C:\PROGRAM FILES\COMMON FILES\VCClient
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinSoftware
Adware:adware/elitebar Not disinfected C:\Documents and Settings\Owner\Favorites\Casino & Carrers
Adware:adware/delfinmedia Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/esyndicate Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[.realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[.ask.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ntv9w4vn.pat shields\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\Virus-spyware removal\VundoFix\VundoFix\process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\VundoFix\VundoFix\process.exe
Adware:Adware/SAHAgent Not disinfected C:\WINNT\ct9qql37.exe
Adware:Adware/Look2Me Not disinfected C:\WINNT\Downloaded Program Files\ax.ocx
Adware:Adware Program Not disinfected C:\WINNT\Downloaded Program Files\WildApp.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINNT\inf\biini.inf

MicroBell · Jan 28, 2006

Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

DISCONNECT your PC from any internet access.

Run hijackthis and fix the following entrys:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\system32\nsd94.dll (file missing)
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O2 - BHO: (no name) - {66F52D49-BFD8-9F7B-FB14-E92B26EDDEC8} - C:\WINNT\system32\mwahvb.dll (file missing)
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O2 - BHO: (no name) - {D84FF78D-354F-11BD-38BE-66F3CB3233C2} - C:\WINNT\system32\nux.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: ActiveShopperToolBar 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Program Files\DealBar\BarLcher.dll (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll (file missing)
O4 - HKLM\..\Run: [seli] C:\WINNT\seli.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysProtect] C:\Program Files\SysProtect\syp.exe /scan
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKCU\..\Run: [Zw37Rki2l] sllav.exe
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O8 - Extra context menu item: , - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: </RLS> - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: VERSION - file://C:\Program Files\COMMUNICATOR Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com...servicepack.cab
O20 - Winlogon Notify: ddccd - C:\WINNT\system32\ddccd.dll (file missing)

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletionÂ…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINNT\seli.exe
C:\WINNT\VCMnet11.exe
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\WINNT\system32\irssyncd.exe
C:\WINNT\system32\pshwr.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\winCMAPP\wincmapp.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\CMSystem\CMSystem.exe
C:\windows\mrjj.exe
C:\Program Files\SysProtect\syp.exe
C:\WINNT\DOWNLOADED PROGRAM FILES\WildApp.inf
C:\WINNT\SYSTEM32\data.~
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
C:\WINNT\sepsd.bin
C:\WINNT\smdat32m.sys
C:\WINNT\INF\biini.inf
C:\PROGRAM FILES\COMMON FILES\InetGet
C:\PROGRAM FILES\COMMON FILES\VCClient
C:\PROGRAM FILES\COMMON FILES\WinSoftware
C:\Documents and Settings\Owner\Favorites\Casino & Carrers
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\WINNT\ct9qql37.exe
C:\WINNT\Downloaded Program Files\ax.ocx
C:\WINNT\inf\biini.inf

Once you reboot...

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Then reboot back to safe mode..

Run Ewido again and let it clean the PC.

Now Run KILLBOX again using the same instructions and files. We need to do this twice to make sure nothing survived.

Once you reboot... RECONNECT your internet access and post another Panda log and hijackthis log.

HJT log...suspected problems

UN)2EAL

Beta member

MicroBell

Daemon Poster

UN)2EAL

Beta member

MicroBell

Daemon Poster

UN)2EAL

Beta member

MicroBell

Daemon Poster

Similar threads