
HJT log file, problems with WinFixer and Aurora


11 replies to this topic

#1 Situationeer


Posted 10 September 2005 - 11:20 PM

Hello, I would really appreciate some help in finally destroying the annoyance that is Aurora.
Logfile of HijackThis v1.99.1
Scan saved at 12:43:29 PM, on 9/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\omsfurq.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Counter Strike\Steam.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\System32\emia.exe
C:\WINDOWS\Explorer.exe
D:\PROGRA~1\Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
D:\Program Files\Win Ace\WinAce.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kssd4d.exe reg_run
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [uedyiml] C:\WINDOWS\System32\omsfurq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\ikxrtmgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


 


#2 perculator


Posted 14 September 2005 - 06:25 AM

Hello and Welcome to Bleepingcomputer

Ok you got some problems there ...this is gonna take a few steps.


First

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#3 Situationeer


Posted 15 September 2005 - 12:23 PM

Hi Perculator and thank you for replying. Here's the resulting log;

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ikxrtmgr.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{81EF028F-D37D-9418-D508-1106D8B55044}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.5 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.5 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.5 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.5 Property Sheet Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}"=""
"{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}"=""
"{51B8E286-B755-4CA1-ACCF-BB980476EE97}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwtcfgx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjwebdvd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{51B8E286-B755-4CA1-ACCF-BB980476EE97}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51B8E286-B755-4CA1-ACCF-BB980476EE97}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51B8E286-B755-4CA1-ACCF-BB980476EE97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{51B8E286-B755-4CA1-ACCF-BB980476EE97}\InprocServer32]
@="C:\\WINDOWS\\system32\\AWIDEMGR.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
nxivfzc.dll Mon Aug 8 2005 7:21:22a A.... 126,976 124.00 K
daeko.dll Wed Sep 14 2005 5:32:06p A.... 10,240 10.00 K
dsfdkgk.dll Wed Sep 14 2005 5:32:04p A.... 46,080 45.00 K
nwtcfgx.dll Wed Sep 14 2005 2:58:18p ..S.R 417,792 408.00 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
kolntot.dll Wed Aug 31 2005 8:43:00p A.... 181,760 177.50 K
mbxbde40.dll Tue Sep 13 2005 2:26:14p ..S.R 417,792 408.00 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
wuauclt.dll Thu Sep 8 2005 6:51:14p ..... 30,720 30.00 K
awidemgr.dll Mon Sep 12 2005 7:09:44a ..S.R 417,792 408.00 K
gwkkr.dll Wed Aug 31 2005 8:43:00p A.... 133,120 130.00 K
dlactfrm.dll Sat Sep 10 2005 8:54:14p ..S.R 417,792 408.00 K
mjwebdvd.dll Wed Sep 14 2005 5:31:26p ..S.R 417,792 408.00 K
legitc~1.dll Wed Aug 3 2005 10:33:42a A.... 520,456 508.26 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
ikxrtmgr.dll Tue Aug 16 2005 8:31:38p ..S.R 417,792 408.00 K

16 items found: 16 files (6 H/S), 0 directories.
Total of file sizes: 3,896,208 bytes 3.71 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 1052-B046

Directory of C:\WINDOWS\System32

09/14/2005 05:31 PM 82,432 emia.exe
09/14/2005 05:31 PM 417,792 mjwebdvd.dll
09/14/2005 02:58 PM 417,792 nwtcfgx.dll
09/13/2005 02:26 PM 417,792 mbxbde40.dll
09/12/2005 07:09 AM 417,792 AWIDEMGR.dll
09/10/2005 08:54 PM 417,792 dlactfrm.dll
08/16/2005 08:31 PM 417,792 ikxrtmgr.dll
08/08/2005 07:22 AM 401,408 ??rvices.exe
05/07/2005 02:04 PM <DIR> Microsoft
09/08/2001 10:55 AM <DIR> dllcache
8 File(s) 2,990,592 bytes
2 Dir(s) 8,030,568,448 bytes free


#4 perculator


Posted 16 September 2005 - 02:10 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

#5 Situationeer


Posted 18 September 2005 - 03:54 PM

Thank you, here's the log:

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 860 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1076 'rundll32.exe'
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1440 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1528 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\dlactfrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dlactfrm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\htcoin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\htcoin.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikxrtmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ikxrtmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iqxrtmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iqxrtmgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lhtwn10N.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lhtwn10N.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbxbde40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbxbde40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjwebdvd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mjwebdvd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nwtcfgx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nwtcfgx.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\obpdx32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\obpdx32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\dlactfrm.dll
Successfully Deleted: C:\WINDOWS\system32\dlactfrm.dll
deleting: C:\WINDOWS\system32\dlactfrm.dll
Successfully Deleted: C:\WINDOWS\system32\dlactfrm.dll
deleting: C:\WINDOWS\system32\htcoin.dll
Successfully Deleted: C:\WINDOWS\system32\htcoin.dll
deleting: C:\WINDOWS\system32\htcoin.dll
Successfully Deleted: C:\WINDOWS\system32\htcoin.dll
deleting: C:\WINDOWS\system32\ikxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ikxrtmgr.dll
deleting: C:\WINDOWS\system32\ikxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\ikxrtmgr.dll
deleting: C:\WINDOWS\system32\iqxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\iqxrtmgr.dll
deleting: C:\WINDOWS\system32\iqxrtmgr.dll
Successfully Deleted: C:\WINDOWS\system32\iqxrtmgr.dll
deleting: C:\WINDOWS\system32\lhtwn10N.dll
Successfully Deleted: C:\WINDOWS\system32\lhtwn10N.dll
deleting: C:\WINDOWS\system32\lhtwn10N.dll
Successfully Deleted: C:\WINDOWS\system32\lhtwn10N.dll
deleting: C:\WINDOWS\system32\mbxbde40.dll
Successfully Deleted: C:\WINDOWS\system32\mbxbde40.dll
deleting: C:\WINDOWS\system32\mbxbde40.dll
Successfully Deleted: C:\WINDOWS\system32\mbxbde40.dll
deleting: C:\WINDOWS\system32\mjwebdvd.dll
Successfully Deleted: C:\WINDOWS\system32\mjwebdvd.dll
deleting: C:\WINDOWS\system32\mjwebdvd.dll
Successfully Deleted: C:\WINDOWS\system32\mjwebdvd.dll
deleting: C:\WINDOWS\system32\nwtcfgx.dll
Successfully Deleted: C:\WINDOWS\system32\nwtcfgx.dll
deleting: C:\WINDOWS\system32\nwtcfgx.dll
Successfully Deleted: C:\WINDOWS\system32\nwtcfgx.dll
deleting: C:\WINDOWS\system32\obpdx32.dll
Successfully Deleted: C:\WINDOWS\system32\obpdx32.dll
deleting: C:\WINDOWS\system32\obpdx32.dll
Successfully Deleted: C:\WINDOWS\system32\obpdx32.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Desktop.ini sucessfully removed


Zipping up files for submission:
adding: dlactfrm.dll (deflated 48%)
adding: htcoin.dll (deflated 48%)
adding: ikxrtmgr.dll (deflated 48%)
adding: iqxrtmgr.dll (deflated 48%)
adding: lhtwn10N.dll (deflated 48%)
adding: mbxbde40.dll (deflated 48%)
adding: mjwebdvd.dll (deflated 48%)
adding: nwtcfgx.dll (deflated 48%)
adding: obpdx32.dll (deflated 48%)
adding: guard.tmp (deflated 48%)
adding: clear.reg (deflated 46%)
adding: desktop.ini (stored 0%)
adding: reglog.txt (deflated 86%)
adding: lo2.txt (deflated 87%)
adding: test2.txt (deflated 27%)
adding: test3.txt (deflated 27%)
adding: test5.txt (deflated 27%)
adding: test.txt (deflated 86%)
adding: xfind.txt (deflated 82%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: dlactfrm.dll
deleting local copy: dlactfrm.dll
deleting local copy: htcoin.dll
deleting local copy: htcoin.dll
deleting local copy: ikxrtmgr.dll
deleting local copy: ikxrtmgr.dll
deleting local copy: iqxrtmgr.dll
deleting local copy: iqxrtmgr.dll
deleting local copy: lhtwn10N.dll
deleting local copy: lhtwn10N.dll
deleting local copy: mbxbde40.dll
deleting local copy: mbxbde40.dll
deleting local copy: mjwebdvd.dll
deleting local copy: mjwebdvd.dll
deleting local copy: nwtcfgx.dll
deleting local copy: nwtcfgx.dll
deleting local copy: obpdx32.dll
deleting local copy: obpdx32.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dlactfrm.dll
C:\WINDOWS\system32\dlactfrm.dll
C:\WINDOWS\system32\htcoin.dll
C:\WINDOWS\system32\htcoin.dll
C:\WINDOWS\system32\ikxrtmgr.dll
C:\WINDOWS\system32\ikxrtmgr.dll
C:\WINDOWS\system32\iqxrtmgr.dll
C:\WINDOWS\system32\iqxrtmgr.dll
C:\WINDOWS\system32\lhtwn10N.dll
C:\WINDOWS\system32\lhtwn10N.dll
C:\WINDOWS\system32\mbxbde40.dll
C:\WINDOWS\system32\mbxbde40.dll
C:\WINDOWS\system32\mjwebdvd.dll
C:\WINDOWS\system32\mjwebdvd.dll
C:\WINDOWS\system32\nwtcfgx.dll
C:\WINDOWS\system32\nwtcfgx.dll
C:\WINDOWS\system32\obpdx32.dll
C:\WINDOWS\system32\obpdx32.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}"=-
"{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}"=-
"{51B8E286-B755-4CA1-ACCF-BB980476EE97}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B5CC861F-4647-4CF2-9CE2-40CE29B43E74}]
[-HKEY_CLASSES_ROOT\CLSID\{CE3D4334-C801-40CA-8B4A-80AEE75D01C8}]
[-HKEY_CLASSES_ROOT\CLSID\{51B8E286-B755-4CA1-ACCF-BB980476EE97}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
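
Added example, not part of the thread and not L2mfix's own code: the Winlogon\Notify export in the log above stores several `DllName` values as `hex(2)` data (UTF-16LE in a "Version 5.00" export), so this Python code decodes them and checks whether any Notify subkey still points at a file the fix reported as deleted. The sample export is constructed in the post's format; the `ExampleLeftover` subkey and all function names are hypothetical.

```python
import ntpath
import re

# Files the fix log in the post above reports as found and deleted.
REMOVED_FILES = [
    r"C:\WINDOWS\system32\dlactfrm.dll", r"C:\WINDOWS\system32\htcoin.dll",
    r"C:\WINDOWS\system32\ikxrtmgr.dll", r"C:\WINDOWS\system32\iqxrtmgr.dll",
    r"C:\WINDOWS\system32\lhtwn10N.dll", r"C:\WINDOWS\system32\mbxbde40.dll",
    r"C:\WINDOWS\system32\mjwebdvd.dll", r"C:\WINDOWS\system32\nwtcfgx.dll",
    r"C:\WINDOWS\system32\obpdx32.dll", r"C:\WINDOWS\system32\guard.tmp",
]

# Constructed sample: two subkeys in the format of the export above, plus a
# hypothetical "ExampleLeftover" subkey that still references a removed file.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Logon"="AtiLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleLeftover]
"DllName"="C:\\WINDOWS\\system32\\obpdx32.dll"
"Impersonate"=dword:00000000
'''

_KEY = re.compile(r'^\[(?!-)(.+)\]$')                 # "[-key]" means delete; skip it
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Raw strings cannot end in a backslash, so the separator is appended.
NOTIFY = r"microsoft\windows nt\currentversion\winlogon\notify" + "\\"


def decode_value(raw):
    """Decode one right-hand side of a .reg line into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # String values escape backslashes and quotes with a backslash.
        return re.sub(r'\\(.)', lambda m: m.group(1), raw[1:-1])
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
        if kind in (1, 2):                                # REG_SZ / REG_EXPAND_SZ
            return data.decode('utf-16-le', errors='replace').rstrip('\x00')
        if kind == 7:                                     # REG_MULTI_SZ
            text = data.decode('utf-16-le', errors='replace')
            return [s for s in text.split('\x00') if s]
        return data
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            km = _KEY.match(line)
            current = keys.setdefault(km.group(1), {}) if km else None
            continue
        vm = _VALUE.match(line)
        if vm and current is not None:
            current[vm.group(1)] = decode_value(vm.group(2))
    return keys


def notify_dlls(export_text):
    """Map each Winlogon\\Notify subkey to the DLL it registers."""
    found = {}
    for key, values in parse_reg_export(export_text).items():
        idx = key.lower().find(NOTIFY)
        if idx < 0:
            continue
        subkey = key[idx + len(NOTIFY):]
        for name, value in values.items():
            # Registry value names are case-insensitive (DLLName / DllName).
            if name.lower() == 'dllname' and isinstance(value, str):
                found[subkey] = value
    return found


def leftover_registrations(export_text, removed_paths=REMOVED_FILES):
    """Notify subkeys whose DLL file name matches a file the fix removed."""
    removed = {ntpath.basename(p).lower() for p in removed_paths}
    return sorted(sub for sub, dll in notify_dlls(export_text).items()
                  if ntpath.basename(dll).lower() in removed)


if __name__ == "__main__":
    for subkey, dll in notify_dlls(SAMPLE_EXPORT).items():
        print(f"{subkey:16} -> {dll}")
    print("still registered after removal:", leftover_registrations(SAMPLE_EXPORT))
```

In the export posted above, the decoded `DllName` values are all driver or Windows component names, and none matches a file in the deleted list.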



#6 perculator

Posted 19 September 2005 - 03:12 AM

Can you post a fresh HijackThis log please :thumbsup:

#7 Situationeer

Posted 19 September 2005 - 07:40 AM

That can be done. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 7:40:23 AM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\emia.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\bootvid5.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe
C:\WINDOWS\SysCheckBop32.exe
D:\Program Files\Microsoft Anti-Spyware\gcasDtServ.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\System32\skaqqt.exe
D:\Program Files\Microsoft Anti-Spyware\GIANTAntiSpywareMain.exe
D:\PROGRA~1\Firefox\firefox.exe
D:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [raxytxo] C:\WINDOWS\System32\skaqqt.exe r
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe



#8 perculator

Posted 19 September 2005 - 03:02 PM

OK, that part is finished.

Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)



Now, download Ewido Security Suite

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in.

Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed


Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column.
Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
5. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
6. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
7. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

Edited by perculator, 19 September 2005 - 03:07 PM.


#9 Situationeer

Posted 19 September 2005 - 11:34 PM

Hijack This----

Logfile of HijackThis v1.99.1
Scan saved at 11:33:36 PM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Progra~1\Support.com\client\bin\forcesync.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win3206534273854.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
D:\PROGRA~1\Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\Ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe



Ewido Scan----

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:24:26 PM, 9/19/2005
+ Report-Checksum: A59AB0E1

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
[2056] C:\WINDOWS\SysCheckBop32.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\kssd4d.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\nxivfzc.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\daeko.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\dsfdkgk.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\kolntot.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\WINDOWS\system32\ѕеrvices.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\olethk32.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\dsound3d.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\60001.exe -> TrojanDownloader.Small.bkr : Cleaned with backup
C:\WINDOWS\system32\kv5ge36d.dat -> Trojan.Smitfraud : Cleaned with backup
C:\WINDOWS\system32\0ghty.dll -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\m0rz.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\system32\dbr38u.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\ekijgu.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\ASHeuristic\m0rz_dll.vir -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\etb\hadfgf -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\SysCheckBop32.exe -> Trojan.VB.tg : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\R9J01378\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\MKTJVU13\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@abetterinternet[4].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@ppms.popularix[2].txt -> Spyware.Cookie.Popularix : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

#10 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:04 AM

Posted 21 September 2005 - 04:12 PM

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/
Install it but do not use it yet.

Restart the computer.
* As soon as BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item.
* Press Enter.

Start HijackThis and put a check at the following lines

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

Now click fix checked
And close hijackthis


We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Open KillBox
And put a check at replace on reboot
And at use dummy

Copy the following bold into the full path of file to delete

C:\WINDOWS\win3206534273854.exe

and press the red button with the white cross in it.
When you’re prompted to reboot click NO
Repeat that for
C:\WINDOWS\System32\klh9xn0.exe
C:\Program Files\TagASaurus\TagASaurus.exe
C:\WINDOWS\system32\cxtpls_loader.EXE
C:\WINDOWS\System32\newexp.exe

after the last file when you’re prompted to reboot click YES


after the reboot
open Killbox and
click in the left top corner File
and choose delete all dummys
close the killbox program

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options"
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

Now make and post a fresh hijack this log

#11 Situationeer

Situationeer
  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:04 AM

Posted 21 September 2005 - 10:32 PM

Yes! I believe it worked. Thank you so, so much. Very appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:32:21 PM, on 9/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Ewido\security suite\ewidoctrl.exe
D:\Program Files\Ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
D:\PROGRA~1\Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\Ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
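
A way to check a fresh HijackThis log against the entries that were marked for fixing, as an added example that is not part of either poster's message: it parses both lists, keys each entry by section plus CLSID (or Run-key value name), and reports which flagged entries still appear. The `FLAGGED` lines are the ones listed in post #10; `FRESH` is an excerpt of the log in post #11; the function names are this example's own.

```python
import re

# Entries marked for "fix checked" in post #10 (copied from the page).
FLAGGED = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
"""

# Excerpt of the fresh log from post #11 (copied from the page, shortened).
FRESH = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNKEY = re.compile(r"^(\S+): \[([^\]]+)\]")            # "HKLM\..\Run: [name]"


def parse(log):
    """Return (section, identity, raw_line) for every entry line in a log.

    Header lines, the process list and blank lines are skipped because they
    do not start with a section code such as R0, O4 or O23.
    """
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID.search(body)
        run = RUNKEY.match(body)
        if clsid:                       # BHOs, toolbars, buttons, DPF objects
            ident = clsid.group(0).upper()
        elif section == "O4" and run:   # autostart value: hive path + value name
            ident = (run.group(1) + "|" + run.group(2)).lower()
        else:                           # fall back to the normalized body text
            ident = " ".join(body.lower().split())
        entries.append((section, ident, line))
    return entries


def still_present(flagged_log, fresh_log):
    """Flagged entries whose (section, identity) also occurs in the fresh log."""
    fresh = {(s, i) for s, i, _ in parse(fresh_log)}
    return [raw for s, i, raw in parse(flagged_log) if (s, i) in fresh]


if __name__ == "__main__":
    for raw in still_present(FLAGGED, FRESH):
        print("still listed:", raw)
```

On these inputs the only line reported is the `O9 - Extra button: Real.com` entry, which appears in both lists on the page.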



#12 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:04 AM

Posted 22 September 2005 - 03:53 PM

Log looks clean... great job!

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.



