Member Avatar for anofzinger

I was unaware of the dangers of using P2P program and my computer has been seriously hacked. I deleted 7.5 gigs of zip files that were being stored on my system. I keep getting bridge.dll errors and massive amounts of adware. I have included a HJT report. Please assist.

Logfile of HijackThis v1.99.1
Scan saved at 2:20:03 PM, on 06/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wqgmkie.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\wqgmkieA.exe
C:\WINDOWS\pop06ap2.exe
C:\Documents and Settings\Nof\Desktop\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Nof\Local Settings\Temp\{152BF35B-56D7-4652-B519-1661AAC270EE}\Shockwave_Installer_Full.exe
C:\DOCUME~1\Nof\LOCALS~1\Temp\GLB31.tmp
C:\DOCUME~1\NOF\LOCALS~1\TEMP\SHOCKW~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [wqgmkieA] C:\WINDOWS\wqgmkieA.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\lvr0099me.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe

  • 3 Contributors
  • 6 Replies
  • 305 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by azzadawg

Recommended Answers

All 6 Replies

Member Avatar for anofzinger

I also ran a Kapersky Scan..

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, June 14, 2006 3:03:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/06/2006
Kaspersky Anti-Virus database records: 188569
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Nof\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 30138
Number of viruses found: 13
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 00:33:36
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\quiqonq.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\yopyic.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\kbjksdk.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\ps.exe Infected: Trojan-Dropper.Win32.Agent.mf skipped
C:\WINDOWS\system32\astr.exe Infected: Trojan-Downloader.Win32.VB.na skipped
C:\WINDOWS\system32\gkkge.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\drsmartload280a.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\WINDOWS\system32\adsetup.exe Infected: Trojan-Dropper.Win32.Agent.abb skipped
C:\WINDOWS\system32\qywqa.dat Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\drwst.exe/data0001 Infected: Trojan.Win32.Runner.h skipped
C:\WINDOWS\system32\drwst.exe AWinstall: infected - 1 skipped
C:\WINDOWS\Downloaded Program Files\amm06.ocx Infected: Trojan-Downloader.Win32.VB.bo skipped
C:\WINDOWS\wqgmkie.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\WINDOWS\wqgmkieA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\WINDOWS\YazzleBundle-1119.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\YazzleBundle-1119.exe NSIS: infected - 1 skipped
C:\WINDOWS\htwfdr.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\U7UZ6LIZ\upp[1].htm Infected: Trojan-Clicker.JS.Linker.n skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\tm63841.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\tm13389.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
Scan process completed.

Member Avatar for tayspen

Hi, you are very infected, lets let ewido take out what it can.

Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

_____________________________________________________

Please download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)

  • Right click the BFU folder on your desktop, and choose

Extract All
*Click "Next"
*In the box to choose where to extract the files to,
*Click "Browse"
*Click on the + sign next to "My Computer"
*Click on "Local Disk (C:\) or whatever your primary drive is
*Click "Make New Folder"
*Type in BFU
*Click "Next", and Uncheck the " Show Extracted Files" box and then click "Finish".
*Download [ color=red]qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
*Place qoofix.bat in your C:\BFU - folder. (Important!)[/ color]
*Doubleclick qooFix.bat, Close all browsers and explorer folders.
*Choose option 1 (Qoolfix autofix) and follow the prompts.
*Please be patient, it will take about five minutes.
*After the PC has restarted please post another hijackthis log.

Post all the requested logs - Also, please don't make more than one thread, we will get to you. We will continue here.

Member Avatar for anofzinger

Here are the requested reports...

Logfile of HijackThis v1.99.1
Scan saved at 9:53:00 AM, on 06/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\ir0ol5d31.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe (file missing)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:27:20 AM, 06/15/2006
+ Report-Checksum: 3C62EBD2
+ Scan result:
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1505967013-126768958-1073486202-1005\Software\pynix -> Adware.MediaMotor : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
[1984] C:\WINDOWS\system32\kkdkaz.dll -> Adware.Look2Me : Error during cleaning
[2184] C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
[2448] C:\WINDOWS\system32\kkdkaz.dll -> Adware.Look2Me : Error during cleaning
[3140] C:\WINDOWS\wqgmkieA.exe -> Hijacker.VB.ij : Cleaned with backup
[3340] C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
[1964] C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
C:\WINDOWS\system32\mgmxsdk.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mmdtcprx.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\srdoclc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\enp6l17s1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Oamdspif.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\bLtmeter.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvdmo.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup
C:\WINDOWS\system32\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\WINDOWS\system32\ikengine.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fppo0373e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\anmfd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lv2609fse.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drsmartload280a.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\system32\pwdx5016.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\q8680ijue8o80.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\inst_0006.exe -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\adsetup.exe -> Dropper.Agent.abb : Cleaned with backup
C:\WINDOWS\system32\rqbdyctl.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qywqa.dat -> Downloader.Qoologic.ax : Cleaned with backup
C:\WINDOWS\system32\drwst.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
C:\WINDOWS\system32\lvjo0913e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l64qlgh5164.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\enjml1111.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o084lalq1dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l4n40e5qeh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Downloader.VB.bo : Cleaned with backup
C:\WINDOWS\wqgmkie.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\wqgmkieA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\htwfdr.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Adware.E2Give : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074643.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074654.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074655.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074656.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074657.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074674.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074675.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074676.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074677.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074680.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074681.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074815.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074970.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074982.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074985.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074986.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075040.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075041.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075049.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075050.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075051.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075052.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075102.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075103.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075104.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075106.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075107.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075110.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075111.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075123.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075124.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075126.exe -> Adware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075246.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075247.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075250.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075251.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075596.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075598.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075599.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075603.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075620.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075621.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075622.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075623.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075656.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075657.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075658.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075659.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076644.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076645.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076646.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076647.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070901.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070909.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070911.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070912.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070913.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070958.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070963.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070964.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070965.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070966.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070969.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\snapshot\MFEX-1.DAT -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\snapshot\MFEX-2.DAT -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070975.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070982.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070983.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070984.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071108.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071978.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071979.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071980.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071981.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071985.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071986.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071991.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071992.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071993.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071994.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072000.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072002.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072010.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072011.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072012.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072013.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072022.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072027.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072035.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072036.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072037.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072038.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072065.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072066.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072075.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072076.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072077.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072078.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072091.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072132.exe -> Downloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072134.dll -> Downloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072140.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072265.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072266.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072279.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072280.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072281.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072282.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072454.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072455.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072456.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072457.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072458.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072472.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072473.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072646.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072647.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072667.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072680.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072687.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072688.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072689.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072872.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072875.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072876.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072885.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072886.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072995.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072996.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073023.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073024.DLL -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073034.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073035.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073036.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074610.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074618.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074619.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074620.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074621.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073316.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073320.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073321.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073322.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073454.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073455.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073463.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073464.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073465.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073466.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074454.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074462.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074463.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074464.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074465.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074472.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074473.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074577.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074578.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074585.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074586.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074594.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074595.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074596.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074597.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\Recycled\NPROTECT\00001060.dll -> Adware.Look2Me : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup

::Report End

Member Avatar for tayspen

Please download Look2Me-Destroyer.exe to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

And we will continue cleaning...

Member Avatar for anofzinger

Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/15/2006 5:25:06 PM
Infected! C:\WINDOWS\system32\ir0ol5d31.dll
Infected! C:\WINDOWS\system32\djmv2clt.dll
Infected! C:\WINDOWS\system32\kkdkaz.dll
Infected! C:\WINDOWS\system32\ir0ol5d31.dll
Infected! C:\WINDOWS\system32\o4pq0e75eh.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll
Infected! C:\Recycled\NPROTECT\00001348.dll
Infected! C:\Recycled\NPROTECT\00001349.dll
Infected! C:\Recycled\NPROTECT\00001350.dll
Infected! C:\Recycled\NPROTECT\00001354.dll
Infected! C:\Recycled\NPROTECT\00001357.dll
Infected! C:\Recycled\NPROTECT\00001359.dll
Infected! C:\Recycled\NPROTECT\00001362.dll
Infected! C:\Recycled\NPROTECT\00001367.dll
Infected! C:\Recycled\NPROTECT\00001514.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\ir0ol5d31.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\djmv2clt.dll
C:\WINDOWS\system32\djmv2clt.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kkdkaz.dll
C:\WINDOWS\system32\kkdkaz.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\ir0ol5d31.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\o4pq0e75eh.dll
C:\WINDOWS\system32\o4pq0e75eh.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001348.dll
C:\Recycled\NPROTECT\00001348.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001349.dll
C:\Recycled\NPROTECT\00001349.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001350.dll
C:\Recycled\NPROTECT\00001350.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001354.dll
C:\Recycled\NPROTECT\00001354.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001357.dll
C:\Recycled\NPROTECT\00001357.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001359.dll
C:\Recycled\NPROTECT\00001359.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001362.dll
C:\Recycled\NPROTECT\00001362.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001367.dll
C:\Recycled\NPROTECT\00001367.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001514.dll
C:\Recycled\NPROTECT\00001514.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{12E49936-A787-4C56-BB13-0905D2AB5989}"
HKCR\Clsid\{12E49936-A787-4C56-BB13-0905D2AB5989}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded
--------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:31:51 PM, on 06/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe (file missing)

Member Avatar for azzadawg

I am too having that same problem and its been well over a minute and nothings happened, I downloaded that look2me destroyer program and it's just not starting

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.