Member Avatar for lizbetsweet

Hello folks,

I have already downloaded the Look2Mefix and have done option 1.
I will post and wait for further instructions. Here is what my Hijack file looks like pre-Look2Mefix option 1.

If anyone sees anything else other than the Look2Me virus, let me know.

Thanks in advance,

Regards,
Liz

Logfile of HijackThis v1.99.1
Scan saved at 1:46:01 PM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Stefanie\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uaeeimb.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: desktop(2).ini
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Microsoft Office(2).lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Support Center(2).lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwnsp.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152241053376
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Stefanie\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_262.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\gp62l3jo1.dll
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

All 4 Replies

You've definitely got a few unwanted guests, but I'd like to see the log file that L2MFix generated before proceeding. If you don't have that log, please run L2MFix again to create a new one:

* Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening.
* After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!

Member Avatar for lizbetsweet

Hello,

Thanks for responding to my post!

Unfortunately, the L2MFix didn't work for me.
All I got was a command window with a blinking cursor.
Typing the 1 at the blinking cursor didn't do anything.
So, I found another fix for it called Look2MeDestroyer.
I believe I got rid of the file that was the Look2Me issue,
but not sure.
I think it was something like CCZoop05.exe
I ran another log which you will see below.
I still am having issues with the Qoologic trojan and other
browser hijackers.

I also have saved logs from my Ad-Aware scans if that will help.
I don't believe I received a log from the Look2MeDestroyer.

Logfile of HijackThis v1.99.1
Scan saved at 4:59:03 AM, on 7/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\DOCUME~1\Stefanie\LOCALS~1\Temp\win32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Stefanie\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kewbx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uaeeimb.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: desktop(2).ini
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office(2).lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Support Center(2).lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.media- motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152241053376
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Stefanie\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_262.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

L2MFix didn't work for me.
All I got was a command window with a blinking cursor.
Typing the 1 at the blinking cursor didn't do anything.

I hate to ask the obvious, but you did press the Enter key after typing the "1", yes?

You still have multiple malicious components indicated in your log (including Qoologic). Let's start with the following:

You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.

* Download the following utilities and save them to a convenient location:

ewido Anti-spyware (30-day trial version) - http://www.ewido.net/en/download/
QooFix
ATF-Cleaner


Install and Configure ewido:

  • Close all other Applications and then run the ewido installer
  • Select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait; Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.

* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button.
Close HijackThis once the fixes complete:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kewbx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uaeeimb.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.media- motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111114457} - file://c:\ied_s7m.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/pages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Stefanie\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_262.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

* Install and Run QooFix:

  • Unzip the files from Qoofix.zip to a convenient location such as C:\Qoofix.
  • Navigate to the folder you unzipped the files to and double click on the file named Qoofix.exe.
  • Finally, select Begin Removal and the removal process will commence. A reboot may be necessary if an infection is found.

* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


* Open Ewido

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close Ewido.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Search for the following files and delete them if found:
C:\WINDOWS\System32\kewbx.exe
C:\WINDOWS\system32\uaeeimb.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\System32\dmonwv.dll
c:\ied_s7m.cab
C:\WINDOWS\System32\tmp_262.dll

* Empty your Recycle Bin and reboot normally.

* Run HijackThis again and post the new log. Also post the log that ewido generated.
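
An added example, not part of the original thread or of any tool named in it: a Python script for the two checks a helper makes on these logs. It flags extra programs chained onto the Winlogon `Shell=`/`UserInit=` values reported as F2, and confirms from a rescan whether the entries selected for fixing are gone. The function names and the stock Windows XP baseline are assumptions of this example; the sample lines are excerpts of the logs posted in this thread.

```python
import re

# A HijackThis finding starts with a section code (R1, F2, O4, O20, ...) and " - ".
# Header lines and the running-process paths have no such prefix and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")

# Assumed baseline: on stock Windows XP each Winlogon value launches one program.
WINLOGON_BASELINE = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Excerpt of the 7/9/2006 log posted in the thread.
SECOND_SCAN = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kewbx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uaeeimb.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_262.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""

# Excerpt of the entries the helper asked to have fixed.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kewbx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,uaeeimb.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\tmp_262.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""

# Excerpt of the 7/12/2006 rescan posted after the fixes.
RESCAN = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


def parse_entries(log_text):
    """Return [(section, detail), ...] for every finding line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def normalise(entry):
    """Case- and whitespace-insensitive key for comparing entries across scans."""
    section, detail = entry
    return section, " ".join(detail.lower().split())


def extra_winlogon_programs(entries):
    """Programs listed besides the expected binary in F2 Shell=/UserInit= values."""
    findings = []
    for section, detail in entries:
        m = re.match(r"REG:system\.ini: (\w+)=(.*)$", detail)
        if section != "F2" or not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        expected = WINLOGON_BASELINE.get(name)
        if expected is None:
            continue
        for program in (p.strip() for p in value.split(",")):
            # Compare on the file name only; the log may or may not give a path.
            basename = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            # The default UserInit value ends in a comma, so skip empty items.
            if program and basename != expected:
                findings.append((name, program))
    return findings


def still_present(fix_list_text, rescan_text):
    """Entries from the fix list that still appear in a later scan."""
    remaining = {normalise(e) for e in parse_entries(rescan_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in remaining]


if __name__ == "__main__":
    for name, program in extra_winlogon_programs(parse_entries(SECOND_SCAN)):
        print(f"F2 {name}: unexpected extra program {program}")
    print("fix-list entries still in rescan:", still_present(FIX_LIST, RESCAN))
```

An empty result from `still_present` only means the listed entries no longer appear in the log, which is the situation in the 7/12/2006 rescan even though the poster still reports hijacked browsers.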


Member Avatar for lizbetsweet

Hello DMR,


Thanks for responding.
Ok, I followed your instructions to the letter.

Yet the problem remains. I still see my browsers being hijacked
by various ads.

I've also run Trojan Hunter, Lavasoft Ad-Aware, and Spybot S&D in addition to running the three things you mentioned: ewido, ATF and Qoofix.

Here's the HijackThis log and next will be the ewido log.

Logfile of HijackThis v1.99.1
Scan saved at 3:29:19 AM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Stefanie\My Documents\My Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getproxy
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: desktop(2).ini
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office(2).lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Verizon Online Support Center(2).lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152241053376
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


The ewido log is below:
[Mod's note: Many duplicate "Tracking Cookie" entries snipped to ease log review]

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:18:45 AM 7/12/2006
+ Scan result:

C:\Documents and Settings\Stefanie\Local Settings\Temporary Internet Files\Content.IE5\OLQ7WHEB\AppWrap[1].exe.tcf -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\icont.exe.tcf -> Adware.AdURL : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\3b1akl1x\3b1akl1x.dll.tcf -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ief9ac0b.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\temp.fr4CA0 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\temp.fr4F23 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\temp.fr6F36 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\My Documents\My Downloads\backups\backup-20060711-223807-885.dll -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\NNSCAA638(2).EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\АрpPatch\аti2evxx.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\i51.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\i68.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temp\i6A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmonwv.dll.tcf -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\zuckdha.exe.tcf -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\WINDOWS\installer_2512.exe.tcf -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w79eb289.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temporary Internet Files\Content.IE5\HUZXPA8I\popup[1].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Stefanie\Local Settings\Temporary Internet Files\Content.IE5\TDJY1PLZ\popup[1].php -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\pre.exe -> Hijacker.VB.lb : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.249:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.250:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-6.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-7.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.106:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.269:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.270:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.271:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.272:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.183:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-15.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.41:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-33.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-14.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-28.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.295:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
:mozilla.100:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-21.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.29:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.79:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-33.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.194:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.196:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.150:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Com : Cleaned.
:mozilla.13:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-4.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.12:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-4.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-35.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.8:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-6.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.8:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-7.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.104:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-17.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.223:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-2.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.146:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.147:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.148:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.216:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.7:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-5.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.19:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-15.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-15.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.27:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-15.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.28:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-15.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.329:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.330:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.331:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.332:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.333:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.58:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.59:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.60:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.61:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.151:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.10:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-37.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.95:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-16.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.72:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
:mozilla.115:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Stefanie\Local Settings\Temp\Cookies\stefanie@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.232:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.233:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.234:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.73:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.74:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.75:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.76:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.18:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-31.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.203:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.204:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.101:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Profiles\default\1q36wbdw.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.10:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-28.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.80:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-33.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.207:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.208:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.209:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.210:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.211:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.212:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.10:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-10.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Stefanie\Cookies\stefanie@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.10:C:\Documents and Settings\Stefanie\Application Data\Mozilla\Firefox\Profiles\ur67740i.default\cookies-33.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\thiselt.exe -> Trojan.Popuper : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe.tcf -> Trojan.Qoologic : Cleaned with backup (quarantined).

::Report end
