Generic Downloader .ab

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Anroon

Thread Starter
Joined
Jul 2, 2005
Messages
16
Hey guys,

I was here a good while back and you were able to help me out perfectly - thanks! But alas, I've a new problem. McAfee was detecting the generic downloader.ab and was unable to delete it; it just kept coming back. I turned off System Restore and ran a scan in safe mode and this seemed to work better, but it came back again. I had to go away for the weekend and my dad allowed one of the programs through the firewall (Microsoft MediaUpload? - bgates.exe) and now my computer is littered with phoney antivirus software and security alerts. The homepage has changed too. Here's my HijackThis log... any help would be greatly appreciated...

Logfile of HijackThis v1.99.1
Scan saved at 10:53:38, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\George Nolan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cs.tcd.ie/proxy.cgi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AntivirusGolden] C:\Program Files\AntivirusGolden\AntivirusGolden.exe /h
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks guys and sorry to bother you again.
 

Anroon

Hey, I've tried ewido and spysweeper in safe mode since posting this... They detected reams of stuff, but the infection seems to be still there. Here's the latest HijackThis logfile...

Logfile of HijackThis v1.99.1
Scan saved at 14:57:01, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\George Nolan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ryanair.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cs.tcd.ie/proxy.cgi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,20/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Anroon

And the SpySweeper logfile...

********
13:50: | Start of Session, 10 July 2006 |
13:50: Spy Sweeper started
13:50: Sweep initiated using definitions version 714
13:50: Starting Memory Sweep
13:54: Memory Sweep Complete, Elapsed Time: 00:03:41
13:54: Starting Registry Sweep
13:54: Found Adware: antivirus gold
13:54: HKCR\appid\cerberus.exe\ (1 subtraces) (ID = 103593)
13:54: Found Adware: antivirus gold components
13:54: HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103594)
13:54: HKCR\cerberus.enginelistener.1\ (3 subtraces) (ID = 103595)
13:54: HKCR\cerberus.enginelistener\ (5 subtraces) (ID = 103596)
13:54: HKCR\cerberus.scanner.1\ (3 subtraces) (ID = 103597)
13:54: HKCR\cerberus.scanner\ (5 subtraces) (ID = 103598)
13:54: HKCR\cerberus.threatcollection.1\ (3 subtraces) (ID = 103599)
13:54: HKCR\cerberus.threatcollection\ (5 subtraces) (ID = 103600)
13:54: HKCR\clsid\{020b1227-417d-4682-9ac3-61f43cb5b6b1}\ (12 subtraces) (ID = 103601)
13:54: HKCR\clsid\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}\ (11 subtraces) (ID = 103602)
13:54: HKCR\clsid\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}\ (11 subtraces) (ID = 103603)
13:54: HKCR\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}\ (11 subtraces) (ID = 103604)
13:54: HKCR\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}\ (11 subtraces) (ID = 103605)
13:54: HKCR\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}\ (11 subtraces) (ID = 103606)
13:54: HKCR\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}\ (12 subtraces) (ID = 103607)
13:54: HKCR\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}\ (12 subtraces) (ID = 103608)
13:54: HKCR\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}\ (11 subtraces) (ID = 103609)
13:54: HKCR\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}\ (12 subtraces) (ID = 103610)
13:54: HKCR\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}\ (11 subtraces) (ID = 103611)
13:54: HKCR\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}\ (11 subtraces) (ID = 103612)
13:54: HKCR\engine.backup.1\ (3 subtraces) (ID = 103613)
13:54: HKCR\engine.backup\ (5 subtraces) (ID = 103614)
13:54: HKCR\engine.ignorelist.1\ (3 subtraces) (ID = 103615)
13:54: HKCR\engine.ignorelist\ (5 subtraces) (ID = 103616)
13:54: HKCR\engine.log.1\ (3 subtraces) (ID = 103617)
13:54: HKCR\engine.log\ (5 subtraces) (ID = 103618)
13:54: HKCR\engine.logrecord.1\ (3 subtraces) (ID = 103619)
13:54: HKCR\engine.logrecord\ (5 subtraces) (ID = 103620)
13:54: HKCR\engine.paths.1\ (3 subtraces) (ID = 103621)
13:54: HKCR\engine.paths\ (5 subtraces) (ID = 103622)
13:54: HKCR\engine.quarantine.1\ (3 subtraces) (ID = 103623)
13:54: HKCR\engine.quarantine\ (5 subtraces) (ID = 103624)
13:54: HKCR\engine.runas.1\ (3 subtraces) (ID = 103625)
13:54: HKCR\engine.runas\ (5 subtraces) (ID = 103626)
13:54: HKCR\engine.searchitem.1\ (3 subtraces) (ID = 103627)
13:54: HKCR\engine.searchitem\ (5 subtraces) (ID = 103628)
13:54: HKCR\engine.threat.1\ (3 subtraces) (ID = 103629)
13:54: HKCR\engine.threat\ (5 subtraces) (ID = 103630)
13:54: HKLM\software\classes\appid\cerberus.exe\ (1 subtraces) (ID = 103632)
13:54: HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\ (1 subtraces) (ID = 103633)
13:54: HKLM\software\classes\cerberus.enginelistener.1\ (3 subtraces) (ID = 103634)
13:54: HKLM\software\classes\cerberus.enginelistener\ (5 subtraces) (ID = 103635)
13:54: HKLM\software\classes\cerberus.scanner.1\ (3 subtraces) (ID = 103636)
13:54: HKLM\software\classes\cerberus.scanner\ (5 subtraces) (ID = 103637)
13:54: HKLM\software\classes\cerberus.threatcollection.1\ (3 subtraces) (ID = 103638)
13:54: HKLM\software\classes\cerberus.threatcollection\ (5 subtraces) (ID = 103639)
13:54: HKLM\software\classes\clsid\{020b1227-417d-4682-9ac3-61f43cb5b6b1}\ (12 subtraces) (ID = 103641)
13:54: HKLM\software\classes\clsid\{3d00a39c-655b-428b-aeb2-2fba03dcc49c}\ (11 subtraces) (ID = 103642)
13:54: HKLM\software\classes\clsid\{5f6bbd8a-18cf-4d55-8b4c-c9b4c9328dfe}\ (11 subtraces) (ID = 103643)
13:54: HKLM\software\classes\clsid\{8c56b6ce-c53f-44c4-9bdc-a9bc1711d05a}\ (11 subtraces) (ID = 103644)
13:54: HKLM\software\classes\clsid\{8ee6bf73-b370-4d13-9126-eb0071178f2e}\ (11 subtraces) (ID = 103645)
13:54: HKLM\software\classes\clsid\{9bb7e700-4e48-476d-b75c-6f47606be988}\ (11 subtraces) (ID = 103646)
13:54: HKLM\software\classes\clsid\{20a3d913-30ef-4e69-b3f7-93b3f1fb9d5c}\ (12 subtraces) (ID = 103647)
13:54: HKLM\software\classes\clsid\{97f56e12-c706-4aeb-9ffb-133c05ee5d38}\ (12 subtraces) (ID = 103648)
13:54: HKLM\software\classes\clsid\{408f660a-9465-44a3-b557-8709dfd992bc}\ (11 subtraces) (ID = 103649)
13:54: HKLM\software\classes\clsid\{125494b2-acad-414c-98b9-452f3ef7703a}\ (12 subtraces) (ID = 103650)
13:54: HKLM\software\classes\clsid\{cbcaca58-1aee-4600-8cf0-e8b30bff1535}\ (11 subtraces) (ID = 103651)
13:54: HKLM\software\classes\clsid\{d6d64cdf-0363-4261-b723-29a3af365e1d}\ (11 subtraces) (ID = 103652)
13:54: HKLM\software\classes\engine.backup.1\ (3 subtraces) (ID = 103653)
13:54: HKLM\software\classes\engine.backup\ (5 subtraces) (ID = 103654)
13:54: HKLM\software\classes\engine.ignorelist.1\ (3 subtraces) (ID = 103655)
13:54: HKLM\software\classes\engine.ignorelist\ (5 subtraces) (ID = 103656)
13:54: HKLM\software\classes\engine.log.1\ (3 subtraces) (ID = 103657)
13:54: HKLM\software\classes\engine.log\ (5 subtraces) (ID = 103658)
13:54: HKLM\software\classes\engine.logrecord.1\ (3 subtraces) (ID = 103659)
13:54: HKLM\software\classes\engine.logrecord\ (5 subtraces) (ID = 103660)
13:54: HKLM\software\classes\engine.paths.1\ (3 subtraces) (ID = 103661)
13:54: HKLM\software\classes\engine.paths\ (5 subtraces) (ID = 103662)
13:54: HKLM\software\classes\engine.quarantine.1\ (3 subtraces) (ID = 103663)
13:54: HKLM\software\classes\engine.quarantine\ (5 subtraces) (ID = 103664)
13:54: HKLM\software\classes\engine.runas.1\ (3 subtraces) (ID = 103665)
13:54: HKLM\software\classes\engine.runas\ (5 subtraces) (ID = 103666)
13:54: HKLM\software\classes\engine.searchitem.1\ (3 subtraces) (ID = 103667)
13:54: HKLM\software\classes\engine.searchitem\ (5 subtraces) (ID = 103668)
13:54: HKLM\software\classes\engine.threat.1\ (3 subtraces) (ID = 103669)
13:54: HKLM\software\classes\engine.threat\ (5 subtraces) (ID = 103670)
13:54: HKLM\software\classes\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (9 subtraces) (ID = 103671)
13:54: HKCR\typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}\ (9 subtraces) (ID = 103676)
13:54: Found Adware: ist software
13:54: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
13:54: Found Adware: ist yoursitebar
13:54: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
13:54: Found Adware: security2k hijacker
13:54: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
13:54: Found Trojan Horse: trojan agent winlogonhook
13:54: HKLM\software\microsoft\mssmgr\ (14 subtraces) (ID = 937101)
13:54: HKCR\clsid\{c65c3770-598c-a2fd-dbaa-c7a45c50338e}\ (47 subtraces) (ID = 1386855)
13:54: HKLM\software\antivirusgolden\ (1 subtraces) (ID = 1386984)
13:54: HKLM\software\classes\clsid\{c65c3770-598c-a2fd-dbaa-c7a45c50338e}\ (47 subtraces) (ID = 1387133)
13:54: HKLM\software\microsoft\windows\currentversion\app paths\antivirusgolden.exe\ (1 subtraces) (ID = 1387262)
13:54: HKLM\software\microsoft\windows\currentversion\run\ || antivirusgolden (ID = 1387264)
13:54: HKLM\software\microsoft\windows\currentversion\uninstall\antivirusgolden\ (7 subtraces) (ID = 1387265)
13:54: Found Trojan Horse: trojan-downloader-zlob
13:54: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1497178)
13:54: Found Adware: popuper
13:54: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || dcomcfg.exe (ID = 1497181)
13:55: Registry Sweep Complete, Elapsed Time:00:00:37
13:55: Starting Cookie Sweep
13:55: Found Spy Cookie: adultfriendfinder cookie
13:55: george [email protected][2].txt (ID = 2165)
13:55: Found Spy Cookie: webtrends cookie
13:55: george [email protected][2].txt (ID = 3669)
13:55: Found Spy Cookie: malwarewipe cookie
13:55: george [email protected][2].txt (ID = 6467)
13:55: Found Spy Cookie: pesttrap cookie
13:55: george [email protected][1].txt (ID = 6462)
13:55: Cookie Sweep Complete, Elapsed Time: 00:00:03
13:55: Starting File Sweep
13:55: c:\documents and settings\george nolan\start menu\programs\antivirusgolden (3 subtraces) (ID = -2147447509)
13:55: c:\program files\antivirusgolden (22 subtraces) (ID = -2147447508)
13:55: Found Adware: sicro dialer
13:55: switchagreement.txt (ID = 76024)
14:30: antivirusgolden.exe (ID = 303616)
14:30: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AntivirusGolden (ID = 0)
14:30: uninst.exe (ID = 303613)
14:31: scannerconfig.xml (ID = 49967)
14:31: antivirusgolden 3.3.lnk (ID = 303616)
14:31: antivirusgolden.lnk (ID = 303616)
14:31: antivirusgolden 3.3.lnk (ID = 303616)
14:31: antivirusgolden 3.3.lnk (ID = 303616)
14:31: File Sweep Complete, Elapsed Time: 00:36:41
14:31: Full Sweep has completed. Elapsed time 00:41:07
14:31: Traces Found: 737
14:40: Removal process initiated
14:40: Quarantining All Traces: antivirus gold
14:41: Quarantining All Traces: antivirus gold components
14:41: Quarantining All Traces: ist software
14:41: Quarantining All Traces: ist yoursitebar
14:41: Quarantining All Traces: security2k hijacker
14:41: Quarantining All Traces: trojan agent winlogonhook
14:41: Quarantining All Traces: trojan-downloader-zlob
14:41: Quarantining All Traces: popuper
14:41: Quarantining All Traces: adultfriendfinder cookie
14:41: Quarantining All Traces: webtrends cookie
14:41: Quarantining All Traces: malwarewipe cookie
14:41: Quarantining All Traces: pesttrap cookie
14:41: Quarantining All Traces: sicro dialer
14:42: Removal process completed. Elapsed time 00:01:14
********
13:04: | Start of Session, 10 July 2006 |
13:04: Spy Sweeper started
13:06: Your spyware definitions have been updated.
13:50: Program Version 4.5.9 (Build 709) Using Spyware Definitions 714
13:50: | End of Session, 10 July 2006 |
 

Anroon

Also, Internet Explorer keeps redirecting to //http://www.sysprotectionpage.net///
 