0

I was unaware of the dangers of using a P2P program and my computer has been seriously hacked. I deleted 7.5 gigs of zip files that were being stored on my system. I keep getting bridge.dll errors and massive amounts of adware. I have included a HJT report. Please assist.

Logfile of HijackThis v1.99.1
Scan saved at 2:20:03 PM, on 06/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wqgmkie.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\wqgmkieA.exe
C:\WINDOWS\pop06ap2.exe
C:\Documents and Settings\Nof\Desktop\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Nof\Local Settings\Temp\{152BF35B-56D7-4652-B519-1661AAC270EE}\Shockwave_Installer_Full.exe
C:\DOCUME~1\Nof\LOCALS~1\Temp\GLB31.tmp
C:\DOCUME~1\NOF\LOCALS~1\TEMP\SHOCKW~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [wqgmkieA] C:\WINDOWS\wqgmkieA.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\lvr0099me.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe

0

I also ran a Kaspersky scan.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, June 14, 2006 3:03:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/06/2006
Kaspersky Anti-Virus database records: 188569
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Nof\LOCALS~1\Temp\
Scan Statistics:
Total number of scanned objects: 30138
Number of viruses found: 13
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 00:33:36
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\quiqonq.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\yopyic.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\kbjksdk.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\ps.exe Infected: Trojan-Dropper.Win32.Agent.mf skipped
C:\WINDOWS\system32\astr.exe Infected: Trojan-Downloader.Win32.VB.na skipped
C:\WINDOWS\system32\gkkge.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\drsmartload280a.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\WINDOWS\system32\adsetup.exe Infected: Trojan-Dropper.Win32.Agent.abb skipped
C:\WINDOWS\system32\qywqa.dat Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\Tagasuarus5.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\drwst.exe/data0001 Infected: Trojan.Win32.Runner.h skipped
C:\WINDOWS\system32\drwst.exe AWinstall: infected - 1 skipped
C:\WINDOWS\Downloaded Program Files\amm06.ocx Infected: Trojan-Downloader.Win32.VB.bo skipped
C:\WINDOWS\wqgmkie.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\WINDOWS\wqgmkieA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\WINDOWS\YazzleBundle-1119.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\YazzleBundle-1119.exe NSIS: infected - 1 skipped
C:\WINDOWS\htwfdr.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\U7UZ6LIZ\upp[1].htm Infected: Trojan-Clicker.JS.Linker.n skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\tm63841.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\DOCUME~1\Nof\LOCALS~1\Temp\tm13389.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
Scan process completed.

0

Hi, you are very infected; let's let ewido take out what it can.

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

_____________________________________________________

Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose "Save As"; if using IE, "Save Target As".)

  • Right-click the BFU folder on your desktop, and choose "Extract All".
  • Click "Next".
  • In the box to choose where to extract the files to, click "Browse".
  • Click on the + sign next to "My Computer".
  • Click on "Local Disk (C:\)" or whatever your primary drive is.
  • Click "Make New Folder".
  • Type in BFU.
  • Click "Next", uncheck the "Show Extracted Files" box, and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose "Save As"; if using IE, "Save Target As").
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted, please post another HijackThis log.

Post all the requested logs - Also, please don't make more than one thread, we will get to you. We will continue here.

0

Here are the requested reports...

Logfile of HijackThis v1.99.1
Scan saved at 9:53:00 AM, on 06/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\ir0ol5d31.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe (file missing)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:27:20 AM, 06/15/2006
+ Report-Checksum: 3C62EBD2
+ Scan result:
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1505967013-126768958-1073486202-1005\Software\pynix -> Adware.MediaMotor : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
[1984] C:\WINDOWS\system32\kkdkaz.dll -> Adware.Look2Me : Error during cleaning
[2184] C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
[2448] C:\WINDOWS\system32\kkdkaz.dll -> Adware.Look2Me : Error during cleaning
[3140] C:\WINDOWS\wqgmkieA.exe -> Hijacker.VB.ij : Cleaned with backup
[3340] C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
[1964] C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
C:\WINDOWS\system32\mgmxsdk.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mmdtcprx.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\srdoclc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\enp6l17s1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Oamdspif.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\bLtmeter.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvdmo.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup
C:\WINDOWS\system32\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\WINDOWS\system32\ikengine.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fppo0373e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\anmfd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lv2609fse.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drsmartload280a.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\system32\pwdx5016.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\q8680ijue8o80.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\inst_0006.exe -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\adsetup.exe -> Dropper.Agent.abb : Cleaned with backup
C:\WINDOWS\system32\rqbdyctl.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qywqa.dat -> Downloader.Qoologic.ax : Cleaned with backup
C:\WINDOWS\system32\drwst.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\system32\iniwin32.dll -> Adware.E2give : Error during cleaning
C:\WINDOWS\system32\lvjo0913e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l64qlgh5164.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\enjml1111.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o084lalq1dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l4n40e5qeh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Downloader.VB.bo : Cleaned with backup
C:\WINDOWS\wqgmkie.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\wqgmkieA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\htwfdr.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Nof\Local Settings\Temp\Cookies\nof@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nof\Cookies\nof@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Adware.E2Give : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074643.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074654.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074655.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074656.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074657.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074674.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074675.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074676.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074677.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074680.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074681.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP310\A0074815.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074970.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074982.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074985.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0074986.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075040.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075041.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075049.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075050.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075051.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP311\A0075052.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075102.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075103.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075104.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075106.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075107.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075110.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075111.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075123.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075124.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075126.exe -> Adware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075246.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075247.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075250.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075251.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075596.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075598.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075599.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075603.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075620.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075621.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075622.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP312\A0075623.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075656.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075657.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075658.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0075659.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076644.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076645.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076646.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076647.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070901.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070909.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070911.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070912.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070913.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070958.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070963.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070964.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070965.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070966.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP302\A0070969.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\snapshot\MFEX-1.DAT -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\snapshot\MFEX-2.DAT -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070975.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070982.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070983.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0070984.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071108.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071973.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071978.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071979.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071980.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP303\A0071981.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071985.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071986.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071991.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071992.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071993.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0071994.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072000.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072002.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072010.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072011.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072012.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP305\A0072013.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072022.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072027.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072035.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072036.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072037.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072038.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072065.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072066.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072075.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072076.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072077.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072078.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072091.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072132.exe -> Downloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072134.dll -> Downloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072140.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072265.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072266.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072279.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072280.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072281.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP306\A0072282.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072454.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072455.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072456.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072457.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072458.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072472.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072473.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072646.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072647.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072667.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072680.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072687.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072688.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072689.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072872.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072875.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072876.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072885.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072886.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072995.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0072996.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073023.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073024.DLL -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073034.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073035.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP307\A0073036.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074610.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074618.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074619.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074620.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074621.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073316.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073320.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073321.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073322.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073454.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073455.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073463.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073464.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073465.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0073466.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074454.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074462.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074463.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074464.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074465.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074472.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074473.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074577.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074578.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074585.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074586.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074594.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074595.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074596.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP308\A0074597.dll -> Downloader.Qoologic.ax : Cleaned with backup
C:\Recycled\NPROTECT\00001060.dll -> Adware.Look2Me : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup

::Report End

0

Please download Look2Me-Destroyer.exe to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message. Click OK.
  • When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer". Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

And we will continue cleaning...

0

Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/15/2006 5:25:06 PM
Infected! C:\WINDOWS\system32\ir0ol5d31.dll
Infected! C:\WINDOWS\system32\djmv2clt.dll
Infected! C:\WINDOWS\system32\kkdkaz.dll
Infected! C:\WINDOWS\system32\ir0ol5d31.dll
Infected! C:\WINDOWS\system32\o4pq0e75eh.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll
Infected! C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll
Infected! C:\Recycled\NPROTECT\00001348.dll
Infected! C:\Recycled\NPROTECT\00001349.dll
Infected! C:\Recycled\NPROTECT\00001350.dll
Infected! C:\Recycled\NPROTECT\00001354.dll
Infected! C:\Recycled\NPROTECT\00001357.dll
Infected! C:\Recycled\NPROTECT\00001359.dll
Infected! C:\Recycled\NPROTECT\00001362.dll
Infected! C:\Recycled\NPROTECT\00001367.dll
Infected! C:\Recycled\NPROTECT\00001514.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\ir0ol5d31.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\djmv2clt.dll
C:\WINDOWS\system32\djmv2clt.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kkdkaz.dll
C:\WINDOWS\system32\kkdkaz.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ir0ol5d31.dll
C:\WINDOWS\system32\ir0ol5d31.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\o4pq0e75eh.dll
C:\WINDOWS\system32\o4pq0e75eh.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076649.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076654.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll
C:\System Volume Information\_restore{93EA7FB1-3634-4E01-BFEE-735EDB571361}\RP314\A0076670.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001348.dll
C:\Recycled\NPROTECT\00001348.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001349.dll
C:\Recycled\NPROTECT\00001349.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001350.dll
C:\Recycled\NPROTECT\00001350.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001354.dll
C:\Recycled\NPROTECT\00001354.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001357.dll
C:\Recycled\NPROTECT\00001357.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001359.dll
C:\Recycled\NPROTECT\00001359.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001362.dll
C:\Recycled\NPROTECT\00001362.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001367.dll
C:\Recycled\NPROTECT\00001367.dll Deleted successfully!
Attempting to delete: C:\Recycled\NPROTECT\00001514.dll
C:\Recycled\NPROTECT\00001514.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{12E49936-A787-4C56-BB13-0905D2AB5989}"
HKCR\Clsid\{12E49936-A787-4C56-BB13-0905D2AB5989}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded
--------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:31:51 PM, on 06/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Program Files\HighJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://westtexas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yopyic.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [w8c704df.dll] RUNDLL32.EXE w8c704df.dll,I2 000b597108c704df
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [rzzi] C:\PROGRA~1\COMMON~1\rzzi\rzzim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146529056042
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wqgmkie.exe (file missing)


I too am having that same problem, and it's been well over a minute and nothing's happened. I downloaded that look2me destroyer program and it's just not starting.
