Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

GB Dialer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

GB Dialer

Unread postby Tracywt2 » April 22nd, 2006, 9:56 am

Hi,

I've followed you're instructions so far. Please see log below. I'm not very IT literate so please give step by step instructions.

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 14:54:04, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\wanadoo\wanadooconnectionkit\atdialler1.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\DllHost.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websi ... ge-c11.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2312.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02D5635-5F40-4557-8253-D8B38F645DD2}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Tracywt2
Active Member
 
Posts: 14
Joined: April 22nd, 2006, 9:50 am
Advertisement
Register to Remove

gb dialer

Unread postby Tracywt2 » April 22nd, 2006, 2:49 pm

Forgot to add to my posting that we have 4 user acciounts. The problem seems to cured on Sam's but not mine. Would I have to apply a fix to each account?
Tracywt2
Active Member
 
Posts: 14
Joined: April 22nd, 2006, 9:50 am

Unread postby 'KotaGuy » April 23rd, 2006, 1:18 am

Hi Tracy!

For now login with the infected account.

You should also copy/paste this into a notepad or wordpad or print it out for reference during the fix as for part of you won't be able go online.

Download and install Ewido Anti-Malware. When installing do not activate Ewido's Real Time Protection. Update the program to its latest definitions. Close it when done. We will use it later.

Click Start>Run type in appwiz.cpl and hit enter. Uninstall:

MediaAccess

Please make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Run and scan with HijackThis. With all browsers and windows closed, place a check beside the following and fix:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [lich] lich.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websi ... ge-c11.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2312.exe


Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Search for and delete this folder:

C:\Program Files\Media Access

Search for and delete this file:

C:\Windows\System32\lich.exe

Run Ewido and do a full scan with it. Let it fix whatever it finds. Save the logfile to your Desktop.

Reboot Windows normally.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.


Post the Ewido log, the KAV scan log and a new HijackThis log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

GB Dialer

Unread postby Tracywt2 » April 23rd, 2006, 11:21 am

Hope this is correct

Logfile of HijackThis v1.99.1
Scan saved at 16:18:53, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\wanadoo\wanadooconnectionkit\atdialler1.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02D5635-5F40-4557-8253-D8B38F645DD2}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Sunday, April 23, 2006 4:17:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 23/04/2006
Kaspersky Anti-Virus database records: 178204


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 145604
Number of viruses found 2
Number of infected objects 98
Number of suspicious objects 0
Duration of the scan process 00:54:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Sam\Local Settings\Temp\mso16D3A.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\mso2D76B.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\mso3A929.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\mso6BD02.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\mso8EAD2.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\msoDAE56.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\msoE6AA4.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Sam\Local Settings\Temp\msoFE946.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tracy Ward" ][Date Fri, 30 Sep 2005 21:20:48 +0100]/UNNAMED/UNNAMED Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tracy Ward" ][Date Fri, 30 Sep 2005 21:20:48 +0100]/UNNAMED Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Application Data\Identities\{4A77C32F-87D0-44F6-B7BC-35694028E757}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 2 skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\CA4LE5R0.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\CAZ6Y9NZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\contacting[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\eBayISAPI[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\friendsreunited[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\staff-look-up[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\testthenation[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\5DBBQWY1\university_park[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\Articles[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\images[9].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ASD7JYPN\povt[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\Contact[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\friendsreunited[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\B5F4PFZ8\search[12].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\apd.rdg.ac[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\friendsreunited[2].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\GARDENING13[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\index[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\iq[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\BPCOT7ZD\photo10515[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\HPUCZ7IR\index[3].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\183[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAEJCPMJ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAEJSXYR.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAGTIJW5.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAWTWXSZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\CAX7QM7Q.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\d6[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\moldhealth[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\orange-mobile-phones-prices[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\O1YBOH2R\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\CAQR2FUD.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\nottingham.ac[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\Q18MU5ZA\symbios[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\R660EDUR\Associations[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CA8XQFAZ.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CACXG10B.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\CAQV6JYD.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\default[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\enter[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\extra[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\marshmallowbrownies_8128[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[2].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\section_advert[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\S16JC1U7\stain_removal[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\advance_search[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAJEI1ZN.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAS9STCB.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\CAVU4NF9.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\core[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\events_halloween[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\index[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\mobiles.co[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\ST670DMN\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\182[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CA9K8F5L.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAAZSZL6.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAENW7LI.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAW10947.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\CAW5IZ8T.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\entertainment[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\orange-motorola-v545[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\results[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[4].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[5].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\WLQNWDYB\search[6].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\Program Files\Wanadoo\WSBar\localfaq.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP266\A0099076.exe Infected: Trojan.Win32.LowZones.dm skipped

C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP268\A0099880.exe Infected: Trojan.Win32.LowZones.dm skipped

C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP268\A0099881.exe Infected: Trojan.Win32.LowZones.dm skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\6[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\CAM7CV3O.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\CAS5OL87.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\home_homeoffice[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\index_ts[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7H4RUC9\support_options[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\F4JEHYJU\search[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\2005033108162039[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\CATC8ZXX.htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\J1APZIIN\google.co[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WAFSC4YH\searchResults[1].htm Infected: Exploit.JS.CVE-2006-1359.p skipped

Scan process completed.
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:36:37, 23/04/2006
+ Report-Checksum: 3130A422

+ Scan result:

HKU\S-1-5-21-3213709025-766886174-3985962080-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} -> Adware.2020Search : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkicmajocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkieocjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkighcpwfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkigldzglq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkowpdpibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfkysiajgdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wfl4uld5ggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wflocpd5mko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wflognazsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgk4omdpwhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgkigjcpkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgkyqldpgko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wglikmczgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wgloskajglq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjkyenczolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjl4cndjsco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjlokid5ibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjmiqjdzceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjnyopdpkfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@e-2dj6wjnysiajibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@emimusic.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@ostg.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@qantasairways.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@thomascook.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sam\Cookies\sam@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfkiwlazoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfkyojdpibq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wfloepcpwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wflognazsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wgkiahczgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wgkyagczieq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjk4cod5ebp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjk4ujd5sfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjlyupdzgeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmiomdzslp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmiuicpado.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjmygjdpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@e-2dj6wjnyeodzocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Tracy\Cookies\tracy@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\R660EDUR\dba2312[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gba2312.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup


::Report End

Please advise on further action needed
Tracywt2
Active Member
 
Posts: 14
Joined: April 22nd, 2006, 9:50 am

Unread postby 'KotaGuy » April 23rd, 2006, 6:16 pm

Thanks for posting the logs!

Download CCleaner. Install the program. Don't run it yet.

Run and scan with HijackThis. With all browsers and windows closed, place a check beside the following and fix:

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

Boot into Safe Mode.

Search for and delete these folders:

C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.4

Empty your Recycle Bin. Run CCleaner.

Reboot Windows normally. Do another KAV scan and post the log along with a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Nick-YF19 » May 5th, 2006, 12:18 am

While we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 316 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware