
Various viruses, etc.


38 replies to this topic

#1 obededom


  • Members
  • 112 posts
  • Location:Wichita
  • Local time:11:09 PM

Posted 18 July 2005 - 08:52 PM

BDE Projecter and Nail viruses, among others.

This comp is really jacked up.

Logfile of HijackThis v1.99.1
Scan saved at 8:48:54 PM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\twet\coer.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe C:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Xhtpyli] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...s/win/QuickTime Installer.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Fonts - C:\WINDOWS\system32\mliole32.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks,
~obededom~
"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain


#2 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:09 PM

Posted 20 July 2005 - 05:42 PM

Let's start with the nail infection first.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
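
Added example, not part of the post above and not code from HijackThis or Ewido: a Python triage script that parses HijackThis entry lines (rejoining the forum's line wrapping), flags entries like the F2 shell line targeted by the fix step, and cross-references autostart entries with scanner detections so that detected files which still have a persistence hook stand out. The sample lines are copied from the logs posted in this thread; the function names and flagging heuristics are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log in post #1,
# including one entry that the forum wrapped across lines.
HJT_SAMPLE = r"""Running processes:
C:\WINDOWS\System32\??plorer.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} -

C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [Xhtpyli] C:\WINDOWS\System32\??plorer.exe
O20 - Winlogon Notify: Fonts - C:\WINDOWS\system32\mliole32.dll
"""

# Constructed sample: lines copied from the Ewido scan report posted in this thread.
SCAN_SAMPLE = r"""C:\Program Files\twet\coer.exe -> Spyware.PurityScan : Ignored
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d : Ignored
C:\WINDOWS\system32\mliole32.dll -> Spyware.Look2Me : Ignored
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "F2 - ...", "O20 - ..."
FILE_RE = re.compile(r'[^\\/\s"\[\]=]+\.(?:exe|dll|ocx|com)\b', re.I)
DETECT_RE = re.compile(r"^(.*?) -> (\S+) : \w+$")           # path -> name : action


def parse_entries(log):
    """Return [(code, text)] for entry lines, rejoining wrapped continuations."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # Non-entry text after the first entry is the tail of a wrapped line.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def triage(entries):
    """Heuristic flags (assumptions of this example, not HijackThis verdicts)."""
    findings = []
    for code, text in entries:
        files = FILE_RE.findall(text)
        if code == "F2" and "Shell=" in text:
            shell = text.split("Shell=", 1)[1].split()
            if len(shell) > 1:  # something is launched alongside Explorer.exe
                findings.append((code, "extra program after the shell: " + shell[1]))
        if "(file missing)" in text:
            findings.append((code, "registered component whose file is missing"))
        if any("?" in f for f in files):
            findings.append((code, "file name with characters the log shows as '?'"))
        if code == "O4" and re.search(r"rundll32(\.exe)?\s+[^\\\s]+\.dll,", text, re.I):
            findings.append((code, "rundll32 autostart loading a DLL by bare name"))
    return findings


def parse_detections(scan_log):
    """Map lower-cased base file name -> detection name."""
    hits = {}
    for line in scan_log.splitlines():
        m = DETECT_RE.match(line.strip())
        if m:
            base = re.split(r"[\\/]", m.group(1))[-1].lower()
            hits[base] = m.group(2)
    return hits


def correlate(entries, detections):
    """Entries that reference a file the scanner also flagged.

    Matching is on base file name only, so confirm the full path before acting.
    """
    out = []
    for code, text in entries:
        for f in FILE_RE.findall(text):
            name = detections.get(f.lower())
            if name:
                out.append((code, f, name))
    return out


if __name__ == "__main__":
    parsed = parse_entries(HJT_SAMPLE)
    for code, why in triage(parsed):
        print(f"[review] {code}: {why}")
    for code, f, name in correlate(parsed, parse_detections(SCAN_SAMPLE)):
        print(f"[active] {code} references {f} -> {name}")
```
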

#3 obededom

  • Topic Starter

  • Members
  • 112 posts
  • Location:Wichita
  • Local time:11:09 PM

Posted 21 July 2005 - 10:22 PM

ok....

:thumbsup: the nailfix.zip link is bad - I found another link on noidea.us - however, instead of a batch file (nailfix.bat), there was process.exe and nailfix.cmd - I ran them both and it did the same thing you said it would do.

:flowers: ran the ewido scan but didn't delete anything it found

:trumpet: after the ewido scan, I ran hijackthis but the
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
wasn't there, so I'm assuming the nailfix.zip took care of that

:inlove: I also ran AdAware in safe mode a few times and deleted everything that it found

:bike: After doing everything in safe mode and rebooting, upon start-up, there were a lot of popups that I've always had and there is obviously still a problem

:cool: Ewido Scan Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:59:44 PM, 7/21/2005
+ Report-Checksum: CF0FD17E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A8BD9566-9895-4FA3-918D-A51D4CD15865} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\Interface\{0BD10A76-90DB-498E-9BCB-B262A125CE13} -> Spyware.CnsMin : Ignored
HKLM\SOFTWARE\Classes\Interface\{25DE7220-A4D0-484B-A68A-3D4A6EBAF504} -> Spyware.CnsMin : Ignored
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Ignored
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Ignored
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{3EE88A1F-B8CC-45B9-B2AF-6CFB9D19218E} -> Spyware.CnsMin : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\xupiter -> Spyware.Xupiter : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Ignored
HKU\S-1-5-21-1482476501-484763869-854245398-1007\Software\Mvu -> Spyware.Delfin : Ignored
HKU\S-1-5-21-1482476501-484763869-854245398-1007\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
C:\data -> TrojanDownloader.IstBar.ja : Ignored
:mozilla.13:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.15:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.32:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.34:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.35:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.36:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.37:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.38:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.44:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.45:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.46:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.47:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.48:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.49:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.50:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.51:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.52:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.53:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.54:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.55:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.56:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.57:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.58:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.59:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.60:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.61:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.62:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.63:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.64:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.65:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.69:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.70:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.71:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.72:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.73:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.77:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.96:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valueclick : Ignored
:mozilla.97:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valueclick : Ignored
:mozilla.108:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.109:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.110:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.111:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.112:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.115:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.116:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.117:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.118:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.119:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.120:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.127:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.128:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.136:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Bluestreak : Ignored
:mozilla.147:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Spylog : Ignored
:mozilla.149:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Ignored
:mozilla.164:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Brilliantdigital : Ignored
:mozilla.175:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.176:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.182:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.183:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.184:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Hitbox : Ignored
:mozilla.186:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valuead : Ignored
:mozilla.187:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valuead : Ignored
:mozilla.188:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valuead : Ignored
:mozilla.189:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valuead : Ignored
:mozilla.190:C:\Documents and Settings\CJL\Application Data\Mozilla\Firefox\Profiles\hdtiyv8z.default\cookies.txt -> Spyware.Cookie.Valuead : Ignored
C:\Documents and Settings\CJL\Cookies\cjl@2o7[2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\CJL\Cookies\cjl@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\CJL\Cookies\cjl@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\CJL\Cookies\cjl@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\CJL\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\01ENC9AZ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\2PTYVAHC\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\JUC77D8L\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\QBA1CL2J\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\RFX7ZT8S\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\RFX7ZT8S\AppWrap[2].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\URWZMP81\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Documents and Settings\CJL\Local Settings\Temporary Internet Files\Content.IE5\WLABK9IZ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Ignored
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Ignored
C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD : Ignored
C:\Program Files\Media Access\MediaAccess.exe -> Spyware.WinAD : Ignored
C:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD : Ignored
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD : Ignored
C:\Program Files\twet\coer.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078049.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00078369.TXT -> Spyware.Cookie.Doubleclick : Ignored
C:\RECYCLER\NPROTECT\00078386.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00078398.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078400.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078416.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078419.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00078429.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078430.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078436.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078441.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078449.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078450.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078451.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078452.TXT -> Spyware.Cookie.Doubleclick : Ignored
C:\RECYCLER\NPROTECT\00078453.TXT -> Spyware.Cookie.Doubleclick : Ignored
C:\RECYCLER\NPROTECT\00078464.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078469.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078470.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078471.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078472.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078484.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078488.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078489.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078490.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078723.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078745.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078753.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078772.TXT -> Spyware.Cookie.Qksrv : Ignored
C:\RECYCLER\NPROTECT\00078787.TXT -> Spyware.Cookie.Adserver : Ignored
C:\RECYCLER\NPROTECT\00078788.TXT -> Spyware.Cookie.Adserver : Ignored
C:\RECYCLER\NPROTECT\00078845.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078858.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078863.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078864.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078865.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078866.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078897.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078902.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078903.TXT -> Spyware.Cookie.Atdmt : Ignored
C:\RECYCLER\NPROTECT\00078929.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078934.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078935.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078960.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00078967.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00078970.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078971.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00078973.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00078974.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079010.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00079034.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00079037.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079039.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079040.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00079042.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079111.dll -> Spyware.Hijacker.Generic : Ignored
C:\RECYCLER\NPROTECT\00079112.exe -> Adware.BetterInternet : Ignored
C:\RECYCLER\NPROTECT\00079436.TXT -> Spyware.Cookie.Atdmt : Ignored
C:\RECYCLER\NPROTECT\00079438.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00079439.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079440.TXT -> Spyware.Cookie.Questionmarket : Ignored
C:\RECYCLER\NPROTECT\00079441.TXT -> Spyware.Cookie.Adserver : Ignored
C:\RECYCLER\NPROTECT\00079444.TXT -> Spyware.Cookie.Overture : Ignored
C:\RECYCLER\NPROTECT\00079445.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079446.TXT -> Spyware.Cookie.Doubleclick : Ignored
C:\RECYCLER\NPROTECT\00079447.TXT -> Spyware.Cookie.Qksrv : Ignored
C:\RECYCLER\NPROTECT\00079464.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00079468.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079471.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00079472.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079473.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079474.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079499.TXT -> Spyware.Cookie.Atdmt : Ignored
C:\RECYCLER\NPROTECT\00079500.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00079501.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079502.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079632.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00079647.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00079652.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079654.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079655.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079656.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00079657.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079658.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079659.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079961.dll -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00079985.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00079994.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079995.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079996.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079997.TXT -> Spyware.Cookie.Atdmt : Ignored
C:\RECYCLER\NPROTECT\00079998.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00079999.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00080000.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00080001.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00080002.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00080007.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081314.DLL -> Spyware.Look2Me : Ignored
C:\RECYCLER\NPROTECT\00081370.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\NPROTECT\00081378.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00081379.TXT -> Spyware.Cookie.2o7 : Ignored
C:\RECYCLER\NPROTECT\00081380.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081381.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081382.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081383.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081384.TXT -> Spyware.Cookie.Advertising : Ignored
C:\RECYCLER\NPROTECT\00081419.exe -> TrojanDownloader.Small.abd : Ignored
C:\RECYCLER\NPROTECT\00081422.cab/clientax.dll -> Spyware.180Solutions : Ignored
C:\RECYCLER\NPROTECT\00081423.dll -> Spyware.180Solutions : Ignored
C:\RECYCLER\NPROTECT\00081425.exe -> Spyware.180Solutions : Ignored
C:\RECYCLER\S-1-5-21-1482476501-484763869-854245398-1007\Dc41.exe -> Spyware.Look2Me : Ignored
C:\RECYCLER\S-1-5-21-1482476501-484763869-854245398-1007\Dc58.exe -> Spyware.PurityScan : Ignored
C:\RECYCLER\S-1-5-21-1482476501-484763869-854245398-1007\Dc66.com -> TrojanDropper.Agent.pb : Ignored
C:\temp\Installer.exe -> Spyware.Look2Me : Ignored
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Ignored
C:\WINDOWS\evfobrtmqo.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\qyhhyedw.exe -> Spyware.BookedSpace : Ignored
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Ignored
C:\WINDOWS\system32\cdmpstui.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\chktrust.exe -> Spyware.BargainBuddy : Ignored
C:\WINDOWS\system32\CIDrmRes.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\cjmsvcs.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\cnmpatui.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\cSmiodll.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\cTmiodll.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\dmlayx.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d : Ignored
C:\WINDOWS\system32\iEsacct.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\jbsh400.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\kddlv.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\kgdazel.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\lfk.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\mliole32.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\nciew.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Ignored
C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Ignored
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Ignored
C:\WINDOWS\system32\ooeaccrc.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\otdbse32.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\ozjsel.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\pVpgasvc.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\remps.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\sdtupdll.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\snman32.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\udrdpa.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\uriplat.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Ignored
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd : Ignored
C:\WINDOWS\system32\XjeedZip.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\Temp\!update.exe -> Spyware.PurityScan : Ignored
C:\WINDOWS\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Ignored
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Ignored
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Ignored


::Report End

:) HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:30 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\Program Files\twet\coer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Xhtpyli] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\mforc32r.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks,
~obededom~
"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:09 PM

Posted 22 July 2005 - 08:51 AM

Run Ewido again, let it fix everything it finds, then repost a new HJT log, and the Ewido log. :thumbsup:

#5 obededom

  • Topic Starter

Posted 23 July 2005 - 01:53 AM

:thumbsup: ran Ewido twice and fixed everything

:flowers: still having the same problems; still have lots of popups and random restarts; still have the BDE bleep, etc.

:trumpet: Ewido Scan Report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:17:53 PM, 7/22/2005
+ Report-Checksum: 432AED6C

+ Scan result:

No infected objects found.


::Report End

:inlove: HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:42:19 AM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\Program Files\twet\coer.exe
C:\Program Files\teamspeak2_RC2\TeamSpeak.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Xhtpyli] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [Uust] C:\Program Files\twet\coer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\RLCRES.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks,
~obededom~

#6 groovicus


Posted 23 July 2005 - 09:43 AM

The nail infection is gone... one down, a few to go. :thumbsup:


Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKCU\..\Run: [Xhtpyli] C:\WINDOWS\System32\??plorer.exe
********************************************************

Do you know what this file is?
C:\WINDOWS\system32\RLCRES.dll

Reboot and post a new hjt log please. :flowers:

#7 obededom


Posted 23 July 2005 - 09:56 PM

:thumbsup: ok, I don't know what RLCRES.dll is - I don't recognize anything associated with it

:flowers: this error message pops up when I reboot - "cannot find e6f183b.dll"

:trumpet: New HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:09 PM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\twet\coer.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [Uust] C:\Program Files\twet\coer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\RLCRES.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again,
~obededom~

#8 groovicus


Posted 24 July 2005 - 08:21 AM

Fix the following with HJT:
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [Uust] C:\Program Files\twet\coer.exe

That's all I see, but it would be helpful to see the last Ewido scan/repair log that you ran just to be sure. And a fresh HJT log. :thumbsup:

#9 obededom


Posted 25 July 2005 - 10:51 PM

:thumbsup: the Ewido scan is the same as the last one I posted; the only one that had anything was before I actually cleaned the log - and most of it was just cookies/temporary internet files, etc.

:flowers: for some reason, when I click on a random link that should NOT have ads, like a gaming forum link or something on a news website, I'm redirected to an ad popup.

:trumpet: New HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 12:57:57 AM, on 7/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\RLCRES.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thank You,
~obededom~
"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain

#10 groovicus

Posted 26 July 2005 - 08:28 AM

I see two more things, but it shouldn't be causing any kind of pop-ups or redirects. Fix the following yet:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Then I need you to submit a file for analysis please... Go here:
http://www.bleepingcomputer.com/submit-malware.php
Paste the following in the submit box:
C:\WINDOWS\system32\RLCRES.dll

Let me know when you have done that. You may have a VX2 infection hiding in there yet... that doesn't often show up in the log, so we will check that next. What ads are popping up when you click on links? Are they random, do they look related, etc.?
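A triage sketch for the two steps in the reply above, added here as an example and not part of the original posts: it parses HijackThis-format lines, groups "(file missing)" entries by CLSID so that lines pointing at one leftover extension show up as a single item to fix, and lists Winlogon Notify DLLs as candidates for analysis. The sample lines are copied from the log quoted in this thread; the function names are illustrative.

```python
import re

# Sample input: lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\RLCRES.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# "<section code> - <rest of line>", e.g. "O9 - Extra button: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_SUFFIX = "(file missing)"
NOTIFY_PREFIX = "Winlogon Notify: "


def parse_entries(log_text):
    """Turn HijackThis-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        # HijackThis appends this marker when the referenced file is not on disk.
        missing = body.endswith(MISSING_SUFFIX)
        if missing:
            body = body[: -len(MISSING_SUFFIX)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            # CLSIDs appear in mixed case in the log; normalise for grouping.
            "clsid": clsid.group(0).upper() if clsid else None,
            # The last " - " separated field is the file the entry points at.
            "target": body.rsplit(" - ", 1)[-1],
            "file_missing": missing,
        })
    return entries


def orphaned_references(entries):
    """Group entries whose target file is missing, keyed by CLSID (or by path)."""
    groups = {}
    for entry in entries:
        if not entry["file_missing"]:
            continue
        key = entry["clsid"] or entry["target"]
        group = groups.setdefault(
            key, {"target": entry["target"], "lines": 0, "sections": set()}
        )
        group["lines"] += 1
        group["sections"].add(entry["section"])
    return groups


def winlogon_notify_dlls(entries):
    """Return (notify name, DLL path) pairs from O20 Winlogon Notify entries."""
    found = []
    for entry in entries:
        if entry["section"] == "O20" and entry["body"].startswith(NOTIFY_PREFIX):
            name, _, path = entry["body"][len(NOTIFY_PREFIX):].rpartition(" - ")
            found.append((name, path))
    return found


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for key, group in orphaned_references(parsed).items():
        print(f"orphaned: {key} -> {group['target']} ({group['lines']} log lines)")
    for name, path in winlogon_notify_dlls(parsed):
        print(f"review/submit: Winlogon Notify '{name}' -> {path}")
```

The O10 line is parsed but not reported as orphaned, because its wording ("... missing") is not the "(file missing)" marker the grouping keys on.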

#11 obededom

Posted 26 July 2005 - 10:54 PM

Last night, I was having lots of problems again, so I ran Ewido in safe mode and cleaned everything (log file is below) - the funny thing is that it found 533 items (and cleaned them) BUT I didn't browse the internet at ALL since the last time I scanned and cleaned. Then I REBOOTED and ran HijackThis in normal mode and SAVED LOG FILE (that is the FIRST HijackThis Log). Then I saw post today and ran HijackThis AGAIN and deleted those two files and saved ANOTHER log file (the SECOND HijackThis Log).

The popups are random, but I'll pay closer attention to them next time. There is a folder C:\WINDOWS\BDE that I can't delete and I think that BDE is what is causing the problem b/c I think it is obviously reinstalling every time I reboot and causing the popups, if that helps at all. The folder has 6 other folders in it (and I'm pretty sure it's BDE Projector that comes along with Kazaa) that you can't delete either. I also ran SpyBot Search & Destroy - it finds this thing called BDE but it won't remove it. Also, when I run AdAware, the program finds BDE but it can't delete it. I also tried deleting the folder in safe mode with KillBox, but it says that it can't delete it, either. I've tried manually deleting on top of all those options, but "access is denied."

New EwidoScan Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:47:22 PM, 7/26/2005
+ Report-Checksum: 50A5BD34

+ Scan result:

C:\RECYCLER\NPROTECT\00082773.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082774.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082775.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082776.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082777.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082778.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082779.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082780.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082781.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082782.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082783.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082785.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082788.TXT -> Spyware.Cookie.Adserver : Cleaned with
backup
C:\RECYCLER\NPROTECT\00082789.TXT -> Spyware.Cookie.Adserver : Cleaned with
backup
C:\RECYCLER\NPROTECT\00082790.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082791.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082792.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082796.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082797.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082798.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082799.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082800.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082801.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082802.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082803.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082804.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082805.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082806.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082821.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082822.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082823.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082824.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082825.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082826.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082832.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082833.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082834.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082836.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082838.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082839.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082841.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082842.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082843.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082845.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082846.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082850.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082851.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082852.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082853.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082854.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082855.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082856.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082857.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082858.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082859.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082860.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082861.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082862.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082863.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082864.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082865.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082866.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082868.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082870.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082882.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082883.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082884.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082885.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082886.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082887.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082888.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082889.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082890.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082891.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082892.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082893.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082894.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082895.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082896.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082897.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082898.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082899.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082900.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082901.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082904.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082906.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082908.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082910.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082912.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082914.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082915.TXT -> Spyware.Cookie.Targetnet : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082916.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082918.TXT -> Spyware.Cookie.Targetnet : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082920.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082921.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082922.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082923.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082930.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082931.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082932.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082933.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082934.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082935.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082936.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082937.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082939.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082940.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082942.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082943.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082944.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082945.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082946.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082947.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082949.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082951.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082963.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082964.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082965.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082966.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082967.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082968.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082969.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082970.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082972.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082975.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082976.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082977.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082979.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082987.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082988.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082989.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082990.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082995.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082996.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082997.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082998.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00082999.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083000.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083001.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083002.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083003.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083005.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083007.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083008.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083009.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083010.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083012.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083013.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083014.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083015.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083016.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083017.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083018.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083019.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083020.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083021.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083022.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083024.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083026.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083028.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083029.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083030.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083031.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083033.TXT -> Spyware.Cookie.Adserver : Cleaned with
backup
C:\RECYCLER\NPROTECT\00083035.TXT -> Spyware.Cookie.Adserver : Cleaned with
backup
C:\RECYCLER\NPROTECT\00083043.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083044.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083045.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083046.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083047.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083048.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083049.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083050.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083051.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083052.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083053.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083054.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083055.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083056.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083057.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083058.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083059.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083066.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083067.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083068.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083069.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083070.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083071.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083072.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083073.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083074.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083075.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083076.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083077.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083078.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083079.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083080.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083101.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083103.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083105.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083111.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083112.TXT -> Spyware.

Edited by obededom, 26 July 2005 - 10:59 PM.

"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain

#12 obededom

Posted 26 July 2005 - 11:01 PM

*continued Ewido Scan and HijackThis Logs:

C:\RECYCLER\NPROTECT\00083143.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083144.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083161.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083162.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083164.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083171.TXT -> Spyware.Cookie.Trafficmp : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083172.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083173.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083174.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083175.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083176.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083177.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083217.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083218.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083219.exe -> Spyware.PurityScan : Cleaned with
backup
C:\RECYCLER\NPROTECT\00083221.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083222.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083223.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083224.TXT -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\RECYCLER\NPROTECT\00083225.TXT -> Spyware.Cookie.2o7 : Cleaned with
backup
C:\RECYCLER\NPROTECT\00083238.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083239.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\RECYCLER\NPROTECT\00083240.TXT -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\WINDOWS\bxjrltfx.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with
backup


::Report End

1st HijackThis Log (before I saw your most recent post and before I deleted the two things):

Logfile of HijackThis v1.99.1
Scan saved at 9:52:33 PM, on 7/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program
Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie
Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lWprxy.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program
Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

2nd HijackThis Log (after I saw your post and after I deleted the two things):

Logfile of HijackThis v1.99.1
Scan saved at 10:43:24 PM, on 7/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet

Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0522.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52/200203...s/win/QuickTime

Installer.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lWprxy.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again,
~obededom~
"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain

#13 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:09 PM

Posted 27 July 2005 - 08:02 AM

It looks like you have a VX2 infection.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.


IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!



************************

Try uninstalling the B3d projector using Add/Remove Programs, then find and delete the files bdeclean.exe and bdeclean.lgc, if they exist.

#14 obededom

obededom
  • Topic Starter

  • Members
  • 112 posts
  • OFFLINE
  • Location:Wichita
  • Local time:11:09 PM

Posted 27 July 2005 - 11:47 AM

:thumbsup: I can't remove B3D Projector from Add/Remove Programs because it is not there. Also, I believe I already deleted those other two files you listed. Again, when I go to C:\WINDOWS\BDE and try to delete the 6 files in the folder, it says "access is denied." I believe that there used to be a fix for it, but when I tried downloading it a while ago, there was only one website that had it and the link was bad.

:flowers: L2Mfix Log:

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lWprxy.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4AD91E84-B306-6155-239D-89A48E8750D8}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{93AF5369-9378-4753-B623-3BC59FB46F04}"=""
"{5389A177-CC3C-45E7-926D-C940FD05DC5B}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{93AF5369-9378-4753-B623-3BC59FB46F04}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93AF5369-9378-4753-B623-3BC59FB46F04}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93AF5369-9378-4753-B623-3BC59FB46F04}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{93AF5369-9378-4753-B623-3BC59FB46F04}\InprocServer32]
@="C:\\WINDOWS\\system32\\adi3d1ag.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5389A177-CC3C-45E7-926D-C940FD05DC5B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5389A177-CC3C-45E7-926D-C940FD05DC5B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5389A177-CC3C-45E7-926D-C940FD05DC5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5389A177-CC3C-45E7-926D-C940FD05DC5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\nciew.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 904D-6AD3

Directory of C:\WINDOWS\System32

07/27/2005 11:28 AM 417,792 adi3d1ag.dll
07/26/2005 12:23 PM 417,792 blotvid.dll
07/25/2005 10:27 AM 417,792 lWprxy.dll
07/22/2005 09:41 AM 417,792 pMnmap.dll
07/21/2005 11:27 PM 417,792 RLCRES.dll
07/21/2005 10:06 PM 417,792 mupatcha.dll
07/21/2005 10:06 PM 417,792 mforc32r.dll
07/21/2005 08:57 AM 401,408 n?tdde.exe
07/14/2005 09:15 PM 417,792 guard.tmp
07/14/2005 03:35 AM <DIR> dllcache
07/13/2005 03:05 PM 401,408 ??plorer.exe
06/11/2002 07:50 PM <DIR> Microsoft
10 File(s) 4,145,152 bytes
2 Dir(s) 3,004,915,712 bytes free

Thanks,
~obededom~
"Advertisements contain the only truths to be relied on in a newspaper." - Mark Twain

#15 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:09 PM

Posted 27 July 2005 - 03:29 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.


IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
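The L2MFIX find log posted in #14 is a set of regedit exports followed by a `dir` listing, and its `hex(2)` `DllName` values are not readable as pasted. The following is an added example, not part of the original thread and not L2mfix's own code: it parses excerpts copied from that log, decodes the registry values, and reports which registry strings name a file that also appears in the directory listing. The function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the L2MFIX find log posted in this thread.
REG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\lWprxy.dll"

[HKEY_CLASSES_ROOT\CLSID\{93AF5369-9378-4753-B623-3BC59FB46F04}\InprocServer32]
@="C:\\WINDOWS\\system32\\adi3d1ag.dll"
"ThreadingModel"="Apartment"
'''

LISTING_EXCERPT = '''
07/27/2005 11:28 AM 417,792 adi3d1ag.dll
07/26/2005 12:23 PM 417,792 blotvid.dll
07/25/2005 10:27 AM 417,792 lWprxy.dll
07/14/2005 03:35 AM <DIR> dllcache
'''


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex(2) data."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex(2):'):  # REG_EXPAND_SZ stored as UTF-16LE bytes
        data = bytes.fromhex(raw[7:].replace(',', ''))
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def parse_reg(text):
    """Return {key_path: {value_name_lowercased: decoded_value}}."""
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'(?:"([^"]*)"|@)=(.*)$', line)
            if m:
                current[(m.group(1) or '@').lower()] = decode_value(m.group(2))
    return keys


def parse_listing(text):
    """Return {file_name_lowercased: size_in_bytes}; <DIR> rows are skipped."""
    files = {}
    for line in text.splitlines():
        m = re.match(r'\d\d/\d\d/\d{4}\s+\d\d:\d\d [AP]M\s+([\d,]+)\s+(.+)$', line.strip())
        if m:
            files[m.group(2).lower()] = int(m.group(1).replace(',', ''))
    return files


def correlate(reg_text, listing_text):
    """List (key, value name, file, size) for registry strings naming a listed file."""
    files = parse_listing(listing_text)
    hits = []
    for key, values in parse_reg(reg_text).items():
        for name, value in values.items():
            base = PureWindowsPath(value).name.lower() if isinstance(value, str) else ''
            if base in files:
                hits.append((key, name, base, files[base]))
    return hits


if __name__ == '__main__':
    for hit in correlate(REG_EXCERPT, LISTING_EXCERPT):
        print(hit)
```

A hit only shows that two sections of the log refer to the same file; the log itself notes that "Files Found are not all bad files", so the helper's reading of the full log still decides what gets removed.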




