Alright, so here is my problem: I get a pop-up for many poker sites and other advertisements about every minute. I have tried running many different pop-up blockers but I cannot get rid of the problem. Here is my HijackThis file:
Logfile of HijackThis v1.99.1
Scan saved at 10:08:34 PM, on 6/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\S3lsZSBKb2huc29u\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\Promon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\ms03613878876.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\CROSOF~1.NET\services.exe
C:\w?nspool.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\USDR6_0001_D08M0404NetInstaller.exe
C:\DOCUME~1\KYLEJO~1\LOCALS~1\Temp\USDR6_0001_D08M0404\installer.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Kyle Johnson\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms03613878876] C:\WINDOWS\ms03613878876.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [win3206878876613] C:\WINDOWS\win3206878876613.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [defender] c:\\defender23a.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [Windows Compliant] ucqrjj.exe
O4 - HKCU\..\Run: [WindowsRegistration] glspbmz.exe
O4 - HKCU\..\Run: [window2] host.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\services.exe" -vt mt
O4 - HKCU\..\Run: [Iynkfhrn] \w?nspool.exe
O4 - HKCU\..\Run: [ozmz] C:\PROGRA~1\COMMON~1\ozmz\ozmzm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adgate.info/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adgate.info/zscript/yea.chm::/recife.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nesuned.mht!http://adgate.info/zscript/dra.chm::/3138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\KYLEJO~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2830ddd46a147e853a04/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\gp4ql3h51.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Thanks for any responses.

Last Post by crunchie

Hi and welcome to Daniweb forums :).

Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

==

Please download the trial version of Ewido anti-malware here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

First of all, thanks for the help.
There was a problem while following your instructions. While cleaning using Ewido, the program froze at SurfSideKick. I tried again and it froze again at the same file; this did not allow me to finish cleaning using Ewido. Here are the new HijackThis and Look2Me files:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/11/2006 11:22:09 AM
Infected! C:\WINDOWS\system32\i6lolg3316.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\i6lolg3316.dll
C:\WINDOWS\system32\i6lolg3316.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D7FBB568-3C19-49E6-A009-97CEBFE15361}"
HKCR\Clsid\{D7FBB568-3C19-49E6-A009-97CEBFE15361}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{528DB7FF-5A97-414D-9079-557FE7C3E23A}"
HKCR\Clsid\{528DB7FF-5A97-414D-9079-557FE7C3E23A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1333855D-C29C-4A97-8085-5B9EE8217FE9}"
HKCR\Clsid\{1333855D-C29C-4A97-8085-5B9EE8217FE9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD33AF58-14BB-43CC-ADD1-24B429EB9844}"
HKCR\Clsid\{BD33AF58-14BB-43CC-ADD1-24B429EB9844}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9A0865A2-B991-4579-A8C8-57F706DDE274}"
HKCR\Clsid\{9A0865A2-B991-4579-A8C8-57F706DDE274}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0FF9C85E-CF87-4CA5-BE26-C8DCEE5D6159}"
HKCR\Clsid\{0FF9C85E-CF87-4CA5-BE26-C8DCEE5D6159}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 7:14:23 PM, on 6/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\Promon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Documents and Settings\Kyle Johnson\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [win3206878876613] C:\WINDOWS\win3206878876613.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Windows Compliant] ucqrjj.exe
O4 - HKCU\..\Run: [WindowsRegistration] glspbmz.exe
O4 - HKCU\..\Run: [window2] host.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\services.exe" -vt mt
O4 - HKCU\..\Run: [Iynkfhrn] \w?nspool.exe
O4 - HKCU\..\Run: [ozmz] C:\PROGRA~1\COMMON~1\ozmz\ozmzm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adgate.info/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adgate.info/zscript/yea.chm::/recife.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nesuned.mht!http://adgate.info/zscript/dra.chm::/3138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\KYLEJO~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2830ddd46a147e853a04/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

You got some work ahead of you now :).

Run the PurityScan uninstaller.

==

Can you please do the following.

===============

When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccurring in the future.

===============

Go to Add/Remove Programs and remove (uninstall) the following, if present:

SurfSideKick
WebHancer

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis, then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)

O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [win3206878876613] C:\WINDOWS\win3206878876613.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKCU\..\Run: [Windows Compliant] ucqrjj.exe
O4 - HKCU\..\Run: [WindowsRegistration] glspbmz.exe
O4 - HKCU\..\Run: [window2] host.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Auto updat] SysDebug.exe
O4 - HKCU\..\Run: [QuicktimeMngr] QuicktimeMngr.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Ohmt] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\services.exe" -vt mt
O4 - HKCU\..\Run: [ozmz] C:\PROGRA~1\COMMON~1\ozmz\ozmzm.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adgate.info/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adgate.info/zscript/yea.chm::/recife.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - ms-its:mhtml:file://c:\nesuned.mht!http://adgate.info/zscript/dra.chm::/3138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\KYLEJO~1\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2830ddd4...p/RdxIE601.cab

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\ipwins
C:\Program Files\SurfSideKick 3
C:\Program Files\webHancer
C:\PROGRA~1\COMMON~1\CROSOF~1.NET
C:\PROGRA~1\COMMON~1\ozmz
C:\Program Files\PartyGaming
C:\WINDOWS\S3lsZSBKb2huc29u

files...

C:\WINDOWS\System32\sfg.dll
C:\WINDOWS\win3206878876613.exe
C:\\defender23a.exe
C:\Program Files\Common Files\mc-110-12-0000228.exe

Search for...

ucqrjj.exe
glspbmz.exe
host.exe
winssv.exe
SndMon32.exe
SysDebug.exe
QuicktimeMngr.exe
wvsvc.exe
vpc32.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Boot into Safe Mode and run Ewido again. Post logs from Ewido and HijackThis please.
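One way to check a follow-up HijackThis log against the fix list in the reply above, added here as an example and not part of either poster's message. The function names and the status labels ("gone", "orphaned", "present") are assumptions of this example; the sample lines are excerpts taken from this thread.

```python
import re
from typing import Dict, List, NamedTuple

# A HijackThis entry is "<section code> - <detail>", e.g.
# "O4 - HKLM\..\Run: [name] command". Header lines and the running
# process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<detail>.+)$")
# HijackThis appends this marker when the referenced file is not on disk.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


class Entry(NamedTuple):
    code: str           # section code such as R1, O4, O15, O23
    detail: str         # rest of the line, without the "(file missing)" marker
    file_missing: bool  # True when the marker was present


def entry_key(entry: Entry):
    """Case-insensitive identity of an entry, ignoring the file-missing marker."""
    return (entry.code, entry.detail.casefold())


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        detail = " ".join(match.group("detail").split())  # collapse whitespace
        missing = bool(MISSING_RE.search(detail))
        detail = MISSING_RE.sub("", detail)
        entries.append(Entry(match.group("code"), detail, missing))
    return entries


def verify_fix(fix_list: str, followup: str) -> Dict[str, str]:
    """Map each fix-list entry to its status in the follow-up log.

    gone     - no longer listed
    orphaned - still listed, but marked "(file missing)": the registry or
               service entry survived although the file was deleted
    present  - still listed and the file is still on disk
    """
    after = {entry_key(e): e for e in parse_log(followup)}
    report = {}
    for wanted in parse_log(fix_list):
        hit = after.get(entry_key(wanted))
        if hit is None:
            status = "gone"
        elif hit.file_missing:
            status = "orphaned"
        else:
            status = "present"
        report[f"{wanted.code} - {wanted.detail}"] = status
    return report


# Excerpt of the fix list from the reply above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [window2] host.exe
O15 - Trusted Zone: *.winfixer.com
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe
"""

# Excerpt of the follow-up log posted later in this thread.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

if __name__ == "__main__":
    for line, status in verify_fix(FIX_LIST, FOLLOWUP).items():
        print(f"{status:9} {line}")
```

On this thread's data the only entry that is not gone is the cmdService O23 line, which the follow-up log still lists with "(file missing)".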

0

Alright, everything seems to be running fine, thank you so much!!
Here are my new files:
Logfile of HijackThis v1.99.1
Scan saved at 12:13:47 AM, on 6/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\Promon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kyle Johnson\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSBKb2huc29u\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:09:42 AM, 6/12/2006
+ Report-Checksum: 3E8A3821
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3852222622-1203367206-2587936551-1005\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-3852222622-1203367206-2587936551-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-3852222622-1203367206-2587936551-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Local Settings\Temp\wups.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@ehg-neteller.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Kyle Johnson\Cookies\kyle johnson@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\PurityScan -> Adware.PurityScan : Cleaned with backup
C:\Program Files\PurityScan\PuritySCANUninstall.exe -> Adware.PurityScan : Cleaned with backup
C:\Program Files\PurityScan\OINSetup.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0104851.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0104852.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0104853.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0104854.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0105054.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0105055.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP405\A0105056.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105101.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105104.dll -> Downloader.Agent.agw : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105105.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105107.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105108.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105111.exe -> Trojan.Qoologic : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105112.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105127.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105128.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105129.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105137.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105138.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105143.exe -> Downloader.Adload.bu : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105146.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105149.exe -> Downloader.PurityScan.cp : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105150.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105155.exe -> Trojan.Qoologic : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105160.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105166.ocx -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105171.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105172.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP406\A0105173.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105191.exe -> Downloader.VB.fi : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105193.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105200.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105201.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105206.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105217.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105219.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105230.DLL -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105237.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105238.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105239.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105265.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105266.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105267.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105270.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105299.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105300.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105301.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105304.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105306.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105307.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105310.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105326.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105327.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105335.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105336.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105337.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105353.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105354.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP407\A0105355.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105383.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105385.exe -> Dropper.VB.mz : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105387.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105389.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105391.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105392.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105393.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105397.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105407.EXE -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105408.EXE -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105409.DLL -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105415.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP408\A0105417.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106406.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106414.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106415.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106416.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106435.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106436.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106437.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106459.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106460.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106461.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106463.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106465.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106485.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106486.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP409\A0106487.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106505.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106506.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106507.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106522.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106523.dll -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{7663733C-DB75-4E66-ABEF-33614423B53B}\RP410\A0106524.dll -> Adware.Maxifiles : Cleaned with backup

Once again, thank you so much, you saved my comp haha

0

Good job there :).

Go to:

Start>>Run and type regedit
Press enter.
Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Command Service (cmdService)

If Command Service (cmdService) exists, right-click on it and choose Delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Command Service (cmdService)

If LEGACY_Command Service (cmdService) exists, then right-click on it and choose Delete from the menu.

==

Should be good to go then :).
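A command-line version of the two regedit steps above, as an added example that is not part of the original reply: it backs up each key before deleting it and re-queries afterwards to confirm the result. It assumes the key itself is named `cmdService` and that "Command Service" is only the display name; the backup file names are placeholders.

```batch
@echo off
rem Added example, not from the thread.
rem Assumption: the registry key is named "cmdService"; "Command Service"
rem is taken to be the service's display name only.
setlocal
set SVC=cmdService
set BACKUP=%TEMP%\%SVC%-backup

call :handle "HKLM\SYSTEM\CurrentControlSet\Services\%SVC%" "%BACKUP%-service.reg"
call :handle "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%SVC%" "%BACKUP%-legacy.reg"
endlocal
goto :eof

:handle
rem %~1 = registry key, %~2 = backup file
reg query "%~1" >nul 2>&1
if errorlevel 1 echo [absent]  %~1& goto :eof
echo [present] %~1

rem Never overwrite an earlier backup; stop and leave the key alone instead.
if exist "%~2" echo   backup file already exists, key left in place& goto :eof

rem Export first so the deletion can be undone by importing the .reg file.
reg export "%~1" "%~2" >nul 2>&1
if errorlevel 1 echo   backup failed, key left in place& goto :eof
echo   backup written to %~2

reg delete "%~1" /f >nul 2>&1

rem Re-query rather than trust the exit code of the delete.
reg query "%~1" >nul 2>&1
if errorlevel 1 echo   deleted& goto :eof

rem Keys under Enum are normally writable only by SYSTEM, so an
rem administrator's delete can be refused until permissions are changed.
echo   still present: adjust the key's permissions in regedit, then delete it there
goto :eof
```

Run it from an administrator command prompt; a service that is already loaded keeps running until the next reboot even after its key is gone.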
