
Please look at my Hi-jack this log, Need some help


  • This topic is locked
12 replies to this topic

#1 nicefellow31

  • Members
  • 11 posts

Posted 04 October 2005 - 10:45 AM

Please take a look at my Hi-jack this log. I originally posted on 29 Sept, but did not post it correctly. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:52 AM, on 10/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crxz32.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\syskt32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton CleanSweep\CsinsmNT.exe
C:\Program Files\Windows Media Components\Encoder\Wmencagt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\New Kristina\Desktop\Hi-jack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.verizon.net/vzn.isp/welcome.htm?ver=13312&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O2 - BHO: (no name) - {4CCDA434-C422-8540-9760-CA3DCBB61E7B} - (no file)
O2 - BHO: Class - {8F47AA16-0AB9-B41C-2067-C8F9B1E95AD1} - C:\WINDOWS\system32\appsa32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E2E2B119-D1A3-9315-CE56-02822929B0FA} - C:\WINDOWS\system32\sysjo32.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [immin] C:\WINDOWS\mm15201518.a.Stub.exe
O4 - HKLM\..\Run: [HSW.] C:\WINDOWS\68x=.exe
O4 - HKLM\..\Run: [winch.exe] C:\WINDOWS\winch.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [syskt32.exe] C:\WINDOWS\system32\syskt32.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton CleanSweep\CsinsmNT.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {C877CC60-22E0-11D4-8903-905651C10000} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crxz32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 05 October 2005 - 03:04 PM

HiJackThis can be run from the desktop but when anything is fixed, a folder called backups will be created on the desktop. To avoid having many unwanted items on your desktop, put HiJackThis in its own folder.

If you have it set up in a folder on the desktop, the backups will also be created in the same folder.

C:\Documents and Settings\(username)\Desktop\HJT\hijackthis.exe
C:\Documents and Settings\(username)\Desktop\HJT\backups\

Please do not reboot until you are instructed. If you have rebooted since you posted your last HiJackThis log, the files could have changed and this fix will not work. If you have rebooted, post a new HiJackThis log and I will alter the instructions. After posting the log, do not reboot until I give you the fix.

You may want to print out this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Follow the instructions carefully.

Step 1

Click on the Start button, then click on Control Panel. When the control panel opens, double click on the Administrative Tools icon. When the Administrative Tools window opens, double click on the Services button.

The Services window will contain a listing of all the services that are installed on your machine. Find Network Security Service. When you see a service of this name, and there should be only one, double click on that service name. You should now be in that service's properties page. Now please follow these steps:
  • Change the Startup Type drop down box to Disabled.
  • Then press the Stop button.
  • Then write down on a piece of paper the text found in the Path to executable field. This text is the filename for the service and we will need it later. You can ignore the /s at the end of the file name.
  • When you are done, press the OK button to exit the service's properties. Then exit the services window.
We proceed to the next step.

Step 2

Please download CW-Shredder. Save CWShredder.exe in C:\CWS. The first thing you should do is check for updates to CWShredder. You can do this by clicking on the button labeled "Check for update". If updates are found, click on the Download and open the update bar. We will use it later in safe mode.

Step 3

Please download AboutBuster, and unzip it to your desktop.
  • Double click on aboutbuster.exe
  • Click "Update".
  • Click "Check For Update"
  • Click "Download Update", and wait for it to be installed.
  • Unzip the file to its own folder (C:\AB).
  • We will use it later in safe mode.
Step 4

Please download HSFix. Unzip it to a folder on your desktop. Name the folder HSfix.reg. We will use it later in safe mode.

Step 5

Please download the Pocket Killbox. Unzip the contents of Pocket Killbox to your desktop. We will use it later.

If needed, Tutorial on Using Pocket Killbox. It will guide you through the installation process and the removal process.

Step 6

To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155 1916458,00.html
Or items 8 & 9 from this link :
http://www.russelltexas.com/malware/faqhijackthis.htm

Step 7

Disconnect from the internet!!!

Reboot to safe mode. If you don’t know how to boot in safe mode, there is a tutorial HERE

Step 8

Use 'ctrl' + 'alt' + 'del' (Three keys together) to get task manager. Find these processes and 'end task' them.
OR
Use the process viewer in HiJackThis: open the Misc Tools section, then open Process Manager, and kill the following running processes (do not worry if they are not there).

crxz32.exe

mm15201518.a.Stub.exe

68x=.exe

winch.exe

syskt32.exe


Let’s address the HiJackThis fixes.

Please run HiJackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {4CCDA434-C422-8540-9760-CA3DCBB61E7B} - (no file)

O2 - BHO: Class - {8F47AA16-0AB9-B41C-2067-C8F9B1E95AD1} - C:\WINDOWS\system32\appsa32.dll (file missing)

O2 - BHO: Class - {E2E2B119-D1A3-9315-CE56-02822929B0FA} - C:\WINDOWS\system32\sysjo32.dll

O4 - HKLM\..\Run: [immin] C:\WINDOWS\mm15201518.a.Stub.exe

O4 - HKLM\..\Run: [HSW.] C:\WINDOWS\68x=.exe

O4 - HKLM\..\Run: [winch.exe] C:\WINDOWS\winch.exe

O4 - HKLM\..\Run: [syskt32.exe] C:\WINDOWS\system32\syskt32.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O23 - Service: Network Security Service ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crxz32.exe


Close all browsers and other windows except for HiJackThis, and click "Fix Checked" to have HiJackThis fix the entries you checked.

Let's delete this O23 service.
  • Start HiJackThis
  • Click "Config" button
  • Click "Misc Tools" button
  • Click “Delete an NT Service” button
  • Copy and Paste the bold text below in the "Delete an NT Service" window

    O23 - Service: Network Security Service ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crxz32.exe
  • Click "OK"
  • Close HiJackThis
Step 9

Run CWShredder.
  • Close all programs and windows.
  • Navigate using windows explorer or My Computer to the C:\CWS folder and double click on the file CWShredder.exe.
  • Click on the Fix icon and let it scan your computer.
  • CWShredder will then start scanning your hard drive for the various CoolWebSearch variants and remove them if they are found. If one is found it will tell you, otherwise it will state that it is "not present". When it is done you will be presented with a button labeled "Next".
  • When you are finished examining the results, press the Next button to see a summary of the fixing process.
Step 10

Run About:Buster.
  • Click "Start".
    (Wait for the initial ADS scan to complete.)
  • Click "Yes", to shutdown any IE session currently open.
    (Wait for the about:blank scan to complete.)
  • Click "Ok", to scan once more.
  • Click "Yes", to shutdown any IE sessions currently open.
  • Click "Yes", to begin the second pass.
  • Click "Save log", and post this log back along with your new log.
  • Click "Exit".
Step 11

Reboot to safe mode.

Step 12

Double-click HSfix.reg to merge the info to the registry.

Step 13

Run Pocket Killbox.
  • Disconnect from internet and shut down all running programs
  • Double click on KillBox.exe.
  • Click on Tools > Delete Temp Files and click ok.
  • Use Pocket Killbox to end process on all instances of explorer.exe and rundll32.exe
    Your desktop will disappear but that's normal. It will come back after Reboot part of this fix
  • As you Paste each entry into Killbox, place a check by any of these Selections available
    "Delete on Reboot"
    "Unregister .dll before Deleting"
    "End Explorer Shell while Killing File"
  • Paste this file into the top "Full Path of File to Delete" box.

    C:\WINDOWS\system32\crxz32.exe

  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "No" at the Pending Operations prompt.
  • Repeat steps 5-9 above for these files:

    C:\WINDOWS\system32\appsa32.dll (file missing)

    C:\WINDOWS\system32\sysjo32.dll

    C:\WINDOWS\mm15201518.a.Stub.exe

    C:\WINDOWS\68x=.exe

    C:\WINDOWS\winch.exe

    C:\WINDOWS\system32\syskt32.exe


  • Click the "Delete File" button which looks like a stop sign.
  • Killbox will tell you that all listed files will be deleted on next reboot, click YES
  • When it asks if you would like to Reboot now, click YES. Reboot to safe mode.
  • If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
Please note that we may need to repeat this process a few times before we kill all the files.

The KillBox creates a folder called "!submit" in C:\ , after you are done, you can delete the folder.

Step 14

Clean out temporary files:
  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked
  • Click OK to remove them.
  • Click Yes to confirm the deletion.
Step 15

Reboot into normal mode.

Step 16

Please download and install Ewido Security Suite v3.5
If Ewido finds something that you KNOW is legitimate (watch for alerts that have the word "Heuristic" in them; these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido by double clicking the "e" icon on your desktop.
  • The program will now go to the main screen.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on "Start Update".
    • The update will begin and a progress bar will show the updates being installed. If you are having problems with the updater, use Update Ewido
    • After the update finishes, the status bar at the bottom will display "Update successful"
  • After the updates are installed do the following:
    • Click on Scanner and select "Settings"
    • Under the bottom section "What to Scan?" select "Scan every file"
    • Select "OK" and you will return to scanning options
    • Click on "Complete System Scan" [This can take a while to complete so please be patient]
    • While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then CHECK or UNCHECK "Perform action on all infections" and click "OK". Note: You will have to watch the scan all the way through and delete items manually
  • After the scan has completed, Ewido will create a report.
  • There will be a button located on the bottom of the screen named "Save report". Click "Save report" [to your desktop] and post it in your next response.
  • Exit Ewido Security Suite when done.
If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
  • Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
  • If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and uncheck "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
Ewido offers a FREE 14 day full working trial. After the 14 day trial the only option that will be disabled is the "real time" scanning which we did not install anyway and the automatic updating. You will have to do the updating manually by clicking on the Update button and then Start Update.

Step 17

Run this free online virus scan.

TrendMicro

Make sure you check "AutoClean"

When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, please write down the filenames and locations and post that in your reply.

Step 18

Please post a new HiJackThis log and the log from Ewido.

Edited by suebaby41, 08 October 2005 - 04:03 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
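
The selection of HijackThis entries in the post above follows a few recognizable patterns. As an added example (not part of the original post and not a HijackThis feature), this Python script parses HijackThis log lines and queues entries matching those patterns for manual review. The rule set and the names `RULES` and `triage` are assumptions made for this illustration; a hit means "look at this", not "malicious".

```python
import re

# Lines taken from the HijackThis log in post #1 of this thread (the garbled
# suffix of the "Network Security Service" display name is left out).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\crxz32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.verizon.net/vzn.isp/welcome.htm?ver=13312&
O2 - BHO: (no name) - {4CCDA434-C422-8540-9760-CA3DCBB61E7B} - (no file)
O2 - BHO: Class - {8F47AA16-0AB9-B41C-2067-C8F9B1E95AD1} - C:\WINDOWS\system32\appsa32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [immin] C:\WINDOWS\mm15201518.a.Stub.exe
O4 - HKLM\..\Run: [winch.exe] C:\WINDOWS\winch.exe
O4 - HKLM\..\Run: [syskt32.exe] C:\WINDOWS\system32\syskt32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Network Security Service - Unknown owner - C:\WINDOWS\system32\crxz32.exe
"""

# A log entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Browser setting whose URL host is an IPv4 literal instead of a name.
IP_URL_RE = re.compile(r"=\s*https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
# Run-key value whose target is a file directly in C:\WINDOWS (no subfolder).
ROOT_RUN_RE = re.compile(r'\\\.\.\\Run: \[[^\]]*\] "?C:\\WINDOWS\\[^\\]+$', re.I)
# DPF entry that is only a CLSID: no control name and no download source.
EMPTY_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} -$")

# (sections, reason, predicate). Assumed heuristics for this example only.
RULES = [
    (("R0", "R1"), "browser URL points at a bare IP address",
     lambda d: IP_URL_RE.search(d) is not None),
    (("O2",), "BHO is registered but its DLL is absent",
     lambda d: d.endswith(("(no file)", "(file missing)"))),
    (("O4",), "autorun executable sits directly in C:\\WINDOWS",
     lambda d: ROOT_RUN_RE.search(d) is not None),
    (("O16",), "ActiveX download entry has no name or source",
     lambda d: EMPTY_DPF_RE.match(d) is not None),
    (("O23",), "service binary has no identifiable vendor",
     lambda d: " - Unknown owner - " in d),
]


def triage(log_text):
    """Return (section, reason, detail) for every entry a rule matches."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        for sections, reason, predicate in RULES:
            if section in sections and predicate(detail):
                findings.append((section, reason, detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {detail}")
```

These pattern rules do not catch `C:\WINDOWS\system32\syskt32.exe`, which the helper also selected, so the output is a review queue and not a replacement for reading the whole log.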

#3 nicefellow31

  • Topic Starter
  • Members
  • 11 posts

Posted 07 October 2005 - 01:31 PM

Here are the requested logs. My computer rebooted itself at one point, and I see some things listed that you had me delete. Should I do the steps again?


Ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:20:57 PM, 10/7/2005
+ Report-Checksum: E0D9E464

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D793FE9-8675-897B-589B-5BCAB9D3CFEF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
[1064] C:\WINDOWS\system32\crim32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
[116] C:\WINDOWS\system32\netcx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\xwmdwy.log -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\vrjbge.log -> Spyware.SearchPage : Cleaned with backup
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/__unin__.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@2o7[1].txt -> Spyware.Cookie.2o7 : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@a.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@advertising[2].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@bfast[2].txt -> Spyware.Cookie.Bfast : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@ehg-foxsports.hitbox[2].txt -> Spyware.Cookie.Hitbox : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@ehg-ignitemedia.hitbox[1].txt -> Spyware.Cookie.Hitbox : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@fastclick[2].txt -> Spyware.Cookie.Fastclick : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@hitbox[2].txt -> Spyware.Cookie.Hitbox : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@valueclick[2].txt -> Spyware.Cookie.Valueclick : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/Cookies/default@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Error during cleaning
C:\Program Files\Norton CleanSweep\Backuptemp\aim13651.BUD/Documents and Settings/Default/Local Settings/Temp/remove.exe -> TrojanDownloader.Keenval.f : Error during cleaning
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\Diet K\dk\dietk3.dat -> Spyware.Cydoor : Cleaned with backup
C:\!Submit\msjd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\ADMCache\adm398.tmp/asm.exe -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Default\Local Settings\Temp\ADMCache\adm398.tmp/asmps.dll -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Default\Local Settings\Temp\fsg_4104.exe -> Spyware.Web3000 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@preferences[1].txt -> Spyware.Cookie.Preferences : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@gm.preferences[1].txt -> Spyware.Cookie.Preferences : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ads.enliven[2].txt -> Spyware.Cookie.Enliven : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@excite[2].txt -> Spyware.Cookie.Excite : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@focalink[1].txt -> Spyware.Cookie.Focalink : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@engage[1].txt -> Spyware.Cookie.Engage : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@fastclick[11].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@bluestreak[5].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@valueclick[8].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@edge.ru4[3].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@fastclick[13].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@euniverseads[7].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@servedby.advertising[9].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@180solutions[3].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@2o7[5].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hotlog[2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@advertising[9].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@pointroll[3].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ad-logics[3].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@tribalfusion[5].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@euniverseads[4].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hitbox[6].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@targetnet[7].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@trafficmp[5].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@gator[4].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ehg-chrysler.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hitbox[10].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@xxxcounter[5].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@citi.bridgetrack[4].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@qksrv[3].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@commission-junction[3].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ehg-foxsports.hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@rccl.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@a.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@pointroll[5].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hg1.hitbox[5].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@revenue[3].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@euniverseads[6].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@valueclick[9].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@targetnet[4].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@centrport[4].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@c.porngraph[2].txt -> Spyware.Cookie.Porngraph : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@servedby.advertising[10].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@addynamix[4].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@tribalfusion[7].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@bluestreak[4].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@bfast[7].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ehg-aol.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ehg-findlaw.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@fastclick[12].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@server.iad.liveperson[4].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@downloads.180solutions[1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@internetfuel[1].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@advertising[10].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@180solutions[1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ads.specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@questionmarket[7].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@edge.ru4[4].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@linksynergy[4].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@fastclick[14].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Document

#4 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 08 October 2005 - 07:48 PM

Please post a new HiJackThis log so we can see what we need to do next.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 nicefellow31


Posted 09 October 2005 - 05:11 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:07:39 AM, on 10/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ierc.exe
C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\netei.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Media Components\Encoder\Wmencagt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton CleanSweep\CsinsmNT.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Office 2003\OFFICE11\WINWORD.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New Kristina\Desktop\Hi-jack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gqgnd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gqgnd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gqgnd.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O2 - BHO: Class - {83B61DC6-E75E-A18F-E2CE-BD8F31A5214A} - C:\WINDOWS\netnp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DCAEDD4C-CBCF-4AEE-7E2B-A1821BA8C715} - C:\WINDOWS\system32\apiso.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [netei.exe] C:\WINDOWS\netei.exe
O4 - HKLM\..\RunOnce: [ierc.exe] C:\WINDOWS\ierc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton CleanSweep\CsinsmNT.exe
O8 - Extra context menu item: Allow popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\allowsite.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stop popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\denysite.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {C877CC60-22E0-11D4-8903-905651C10000} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netcx32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe

#6 suebaby41


Posted 10 October 2005 - 01:37 PM

Please download SpSeHjfix to the desktop, then right-click a blank part of the desktop and select New Folder. Call it spfix and unzip the file into that folder.

Disconnect from the net and close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers, it will say system clean and not go on to the next stage.

Now run CWShredder (downloaded earlier) and hit the FIX button!

Reboot and post a fresh HiJackThis log and the log that was created by 'SpSeHjfix'.

#7 nicefellow31


Posted 15 October 2005 - 03:59 PM

I was unable to run SpSeHjfix. Every time I did, I kept getting a message that Microsoft encountered a problem. What to do? :thumbsup:

#8 suebaby41


Posted 15 October 2005 - 10:36 PM

There seem to be some problems with that tool at this time. Please post a new HijackThis log and I will post a fix.

#9 nicefellow31


Posted 16 October 2005 - 11:12 PM

New log. That About: Blank just won't die. :thumbsup:



Logfile of HijackThis v1.99.1
Scan saved at 12:07:09 AM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\javaoo32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\crgz.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Media Components\Encoder\Wmencagt.exe
C:\Program Files\Norton CleanSweep\CsinsmNT.exe
C:\Program Files\SpyCatcher 2006\Protector.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Office 2003\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Office 2003\OFFICE11\MSTORDB.EXE
D:\Office 2003\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New Kristina\Desktop\Hi-jack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.verizon.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: Class - {12F982EB-C661-7345-F68F-352FD00B78A2} - C:\WINDOWS\system32\javask32.dll
O2 - BHO: Class - {13BAA56A-9570-AC65-EA8E-EDE19CE7FD52} - C:\WINDOWS\system32\mfcup.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O2 - BHO: Class - {14CE5B7A-6546-0088-A736-F486C8A0A93F} - C:\WINDOWS\msfs32.dll
O2 - BHO: (no name) - {16741F3E-1E7F-47DD-8CD1-6C903452D6F2} - (no file)
O2 - BHO: Class - {1BF1DFBE-EFEE-094D-4B4A-A1B0633959B8} - C:\WINDOWS\system32\ipgr32.dll
O2 - BHO: Class - {33AC2EFD-E2CC-A763-26F4-E66BD8536E46} - C:\WINDOWS\system32\mfcga.dll
O2 - BHO: Class - {380FDF3A-992E-174F-7C37-44CDA8EAB6C8} - C:\WINDOWS\apiot32.dll
O2 - BHO: Class - {3B9CE314-9AD4-9792-05A7-D033A0AC7FC8} - C:\WINDOWS\mfcrk.dll
O2 - BHO: Class - {5BA8BAA2-A8F8-C5AE-06EC-5A7D9EFC3436} - C:\WINDOWS\system32\winnw32.dll
O2 - BHO: (no name) - {63C3B90C-CAE8-913A-DBA5-AC8E0D0896D0} - (no file)
O2 - BHO: Class - {67593F26-35C2-10E1-7A0F-10433C09E2CB} - C:\WINDOWS\system32\d3jk.dll
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: Class - {847B6EAB-D9B0-4FC9-A4B8-83E8BCC35E8C} - C:\WINDOWS\netxp.dll
O2 - BHO: Class - {937347AF-8267-7B4F-C2FD-7C75B9DE0881} - C:\WINDOWS\system32\apinz32.dll
O2 - BHO: (no name) - {9ADFE229-40FB-615D-BB53-35E7CF17109E} - (no file)
O2 - BHO: Class - {9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} - C:\WINDOWS\system32\apixz.dll
O2 - BHO: Class - {A3B6E927-009C-404E-A6EF-F785483988BC} - C:\WINDOWS\iedd.dll
O2 - BHO: Class - {B92AA2F6-5A00-5C13-D6EB-4D61CBC201FE} - C:\WINDOWS\apigd32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DB307D03-7868-5DF7-BFB1-F83D4E3BAA3C} - C:\WINDOWS\system32\addkz.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {FD02D80E-B824-8992-2F9B-E9F9A96F5081} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [crgz.exe] C:\WINDOWS\system32\crgz.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton CleanSweep\CsinsmNT.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: Allow popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\allowsite.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stop popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\denysite.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {C877CC60-22E0-11D4-8903-905651C10000} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaoo32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 17 October 2005 - 05:04 AM

Please remember that every time you reboot the computer, there's a chance that the infection will reinstall and all the file names will change. Please do not reboot until instructed.

Please follow these steps carefully. Do not miss a step.

Step 1

There are several reasons for putting HiJackThis into its own folder.
  • HiJackThis is an analysis AND a repair tool. When you fix something in HiJackThis, you are deleting a bad entry in the Windows Registry. In case of a mistake being made, there is a reversal for line entry deletions. HiJackThis creates a new file which is a backup log of changes and you can reverse the line entry deletion. BUT...HiJackThis needs a safe folder to keep these critical backup logs and a temp folder is definitely not safe as you might run Disk Cleanup and delete them.
  • If you save HiJackThis to your desktop, you may easily lose track of the backup log in the wallpaper area (or someone might delete the backup file by dragging it to the Recycle Bin).
  • If you run HiJackThis from a zip folder, backups may not be made.
  • If you run HiJackThis from a Local Settings Temporary folder in XP or Windows 2000, when you post for help on a forum, the resulting text log will usually show your full name in a line entry since your Windows user profile is commonly named with your full name. When you copy and paste your log, HiJackThis provides a line entry showing the path to its running folder. If you use another folder like HiJackThis in the root of the C: drive (as recommended) then your Profile Name will NOT be displayed in the log.

Step 2

Please download HiJackThis again, but don’t hit “Open”, but “Save as”.
  • Go to your desktop and hit “Save”.
  • After downloading, minimize all windows until you’re on your desktop.
  • Double-click on the zip file containing the HijackThis.exe file.
  • Select the HijackThis.exe, and hit the combination “Ctrl + C”.
  • Minimize the zip folder, and go to My Computer. Double-click on C:/, double-click on Program Files.
  • In the menu bar you’ll find “File”. Click it, then choose “New”, and then “Folder”.
  • Call this folder HiJackThis. Double-click to open this – new – folder.
  • Use the combination “Ctrl + V” to paste the HijackThis.exe into this folder. Close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.
  • Delete all other HiJackThis files and run HiJackThis log from this folder.

Step 3

I see you have Norton AntiVirus which comes as a part of Norton Internet Security which contains a firewall. It is difficult to tell if you have the Norton Internet Security Suite with the firewall or just the Norton AntiVirus program. If you have just the Norton AntiVirus program, I recommend you get a firewall in addition to the Windows SP2 firewall. There are a few available for free that appear to be good and easy to use:

Zone Alarm Free Firewall

Kerio Free Firewall

Sygate Personal Firewall

Outpost Firewall Free

Step 4

Please read through the instructions before you start (you may want to print this out or copy it into a word program).

Step 5

Check to see that Ewido is configured correctly and is updated.
Exit Ewido. DO NOT scan yet.
Tutorial if needed

Step 6

Please download About Buster, and unzip it to your desktop.
  • Double click on aboutbuster.exe
  • Click "Update".
  • Click "Check For Update"
    (If no new version is available, skip to step #4.)
  • Click "Download Update", and wait for it to be installed.
Don't run it yet.

Step 7

Please download and unzip HSfix to your desktop.

The above Registry file was written specifically for this infection and is not to be used on any other infection as it could damage a person's PC

Step 8

Please download CleanUp! CleanUp! is a powerful and easy to use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more. Open CleanUp, click on Options. Make sure that the following are checked:
  • Empty Recycle Bins
  • Delete cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • CleanUp! All Users
The others are optional. Do not run it yet.
*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.

Step 9

Please download CW Shredder
  • NOTE: If CWShredder does not run, a variant of CWS could be preventing you from running the shredder. Download the CoolWebSearch.Smartkiller Mini Removal Tool and save that to a directory called C:\CWS. Run the downloaded program, called miniremoval_coolwebsearch_smartkiller.exe, to remove the variant of CoolWebSearch that is stopping you from running your removal tool.
  • Save CWShredder.exe in C:\CWS.
  • Close all programs and windows.
  • Go to the C:\CWS folder and double click on the file CWShredder.exe.
  • The first thing you should do is check for updates to CWShredder. You can do this by clicking on the button labeled "Check for update". If updates are found, click on the “Download and open the update” bar.

Step 10

  • Open Windows Explorer
  • Go to Tools > Folder Options.
  • Click on the View tab and make sure that "Show hidden files and folders" is checked.
  • Uncheck "Hide protected operating system files" and uncheck "hide extensions for known file types"
  • Click "Apply to all folders"
  • Click "Apply"
  • Click "OK"

Step 11

Reboot into safe mode.

Reboot to safe mode. If you don’t know how to boot in safe mode, there is a tutorial HERE.
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link:
http://www.russelltexas.com/malware/faqhijackthis.htm

Step 12

Important Step
  • Go to Start >Run and type Services.msc
  • Click Ok
  • Scroll down and find the service called:
    Network Security Service (NSS)
  • When you find it, double click on it.
  • In the next window that opens, click the Stop button.
  • Click on properties and under the General Tab, change the Startup Type to Disabled.
  • Click Apply
  • Click Ok
  • Close any open windows.
  • If you don't find this service listed go ahead with the next steps.

Step 13

Use 'ctrl' + 'alt' + 'del' (Three keys together) to get task manager. Find these processes and 'end task' them.
OR
Use the process viewer in HijackThis, Open the Misc Tools Section then Open Process Manager, find these programs and “kill process” the following running processes (Do not worry if they are not there)

crgz.exe

javaoo32.exe


Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {12F982EB-C661-7345-F68F-352FD00B78A2} - C:\WINDOWS\system32\javask32.dll

O2 - BHO: (no name) - {16741F3E-1E7F-47DD-8CD1-6C903452D6F2} - (no file)

O2 - BHO: Class - {1BF1DFBE-EFEE-094D-4B4A-A1B0633959B8} - C:\WINDOWS\system32\ipgr32.dll

O2 - BHO: Class - {33AC2EFD-E2CC-A763-26F4-E66BD8536E46} - C:\WINDOWS\system32\mfcga.dll

O2 - BHO: Class - {380FDF3A-992E-174F-7C37-44CDA8EAB6C8} - C:\WINDOWS\apiot32.dll

O2 - BHO: Class - {3B9CE314-9AD4-9792-05A7-D033A0AC7FC8} - C:\WINDOWS\mfcrk.dll

O2 – BHO: Class - {5BA8BAA2-A8F8-C5AE-06EC-5A7D9EFC3436} - C:\WINDOWS\system32\winnw32.dll

O2 - BHO: (no name) - {63C3B90C-CAE8-913A-DBA5-AC8E0D0896D0} - (no file)

O2 - BHO: Class - {67593F26-35C2-10E1-7A0F-10433C09E2CB} - C:\WINDOWS\system32\d3jk.dll

O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)

O2 - BHO: Class - {847B6EAB-D9B0-4FC9-A4B8-83E8BCC35E8C} - C:\WINDOWS\netxp.dll

O2 - BHO: Class - {937347AF-8267-7B4F-C2FD-7C75B9DE0881} - C:\WINDOWS\system32\apinz32.dll

O2 - BHO: (no name) - {9ADFE229-40FB-615D-BB53-35E7CF17109E} - (no file)

O2 - BHO: Class - {9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} - C:\WINDOWS\system32\apixz.dll

O2 - BHO: Class - {A3B6E927-009C-404E-A6EF-F785483988BC} - C:\WINDOWS\iedd.dll

O2 - BHO: Class - {B92AA2F6-5A00-5C13-D6EB-4D61CBC201FE} - C:\WINDOWS\apigd32.dll

O2 - BHO: Class - {DB307D03-7868-5DF7-BFB1-F83D4E3BAA3C} - C:\WINDOWS\system32\addkz.dll

O2 - BHO: (no name) - {FD02D80E-B824-8992-2F9B-E9F9A96F5081} - (no file)

O4 - HKLM\..\Run: [crgz.exe] C:\WINDOWS\system32\crgz.exe

O23 - Service: Network Security Service (NSS) ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaoo32.exe" /s (file missing)


Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Exit HijackThis.

Step 14

Using Windows Explorer, locate the following files and DELETE them (Do not worry if they are not there):

C:\WINDOWS\system32\javask32.dll

C:\WINDOWS\system32\ipgr32.dll

C:\WINDOWS\system32\mfcga.dll

C:\WINDOWS\apiot32.dll

C:\WINDOWS\mfcrk.dll

C:\WINDOWS\system32\winnw32.dll

C:\WINDOWS\system32\d3jk.dll

C:\WINDOWS\netxp.dll

C:\WINDOWS\system32\apinz32.dll

C:\WINDOWS\system32\apixz.dll

C:\WINDOWS\iedd.dll

C:\WINDOWS\apigd32.dll

C:\WINDOWS\system32\addkz.dll

C:\WINDOWS\system32\crgz.exe

C:\WINDOWS\javaoo32.exe" /s (file missing)

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example appsw.exe, appsw.dll, appsw.dat)

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Step 15

Double click on the HSfix and when asked to merge, say yes.

Step 16

Run CW Shredder
  • Click on the “Fix” icon and let it scan your computer.
  • CWShredder will then start scanning your hard drive for the various CoolWebSearch variants and remove them if they are found. If one is found it will tell you, otherwise it will state that it is "not present". When it is done you will be presented with a button labeled "Next".
  • When you are finished examining the results, press the “Next” button to see a summary of the fixing process.

Step 17

Run AboutBuster.
  • Click "Start".
    (Wait for the initial ADS scan to complete.)
  • Click "Yes", to shutdown any IE session currently open.
    (Wait for the about:blank scan to complete.)
  • Click "Ok", to scan once more.
  • Click "Yes", to shutdown any IE sessions currently open.
  • Click "Yes", to begin the second pass.
  • Click "Save log", and post this log back along with your new log.
  • Click "Exit".

Step 18

Run Ewido Security Suite
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Step 19

Run Cleanup.

Step 20

Reboot into normal mode and open up Internet Explorer

Download and run this online virus scan if you can:< Important
TrendMicro Housecall
Make sure you check "AutoClean"

Step 21

Please post a new HijackThis log, the log from Ewido, and the About:Buster log.

Edited by suebaby41, 17 October 2005 - 05:30 AM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 nicefellow31

nicefellow31
  • Topic Starter

  • Members
  • 11 posts

Posted 19 October 2005 - 03:27 PM

Here you are

Logfile of HijackThis v1.99.1
Scan saved at 4:15:21 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\sysfz.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Media Components\Encoder\Wmencagt.exe
C:\Program Files\Norton CleanSweep\CsinsmNT.exe
C:\Program Files\SpyCatcher 2006\Protector.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\mfcaz.exe
C:\Documents and Settings\New Kristina\Desktop\Hi-jack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.verizon.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ijmks.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ijmks.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ijmks.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ijmks.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ijmks.dll/sp.html#28129
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: Class - {13BAA56A-9570-AC65-EA8E-EDE19CE7FD52} - C:\WINDOWS\system32\mfcup.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O2 - BHO: Class - {BBEC1B2A-AC72-57D9-D55D-F4CC11608C95} - C:\WINDOWS\javaux.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICRO~10\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [sysfz.exe] C:\WINDOWS\sysfz.exe
O4 - HKLM\..\RunOnce: [mfcaz.exe] C:\WINDOWS\mfcaz.exe
O4 - HKLM\..\RunOnce: [netzv32.exe] C:\WINDOWS\netzv32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton CleanSweep\CsinsmNT.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: Allow popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\allowsite.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stop popups from this web page - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\denysite.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {C877CC60-22E0-11D4-8903-905651C10000} - http://www.dellnet.com (file missing) (HKCU)
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATEPOPUPS\IHATEPOPUPS.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe

AboutBuster 5.0 reference file 28
Scan started on [10/10/2005] at [4:06:11 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\wzguqm.dat
Removed File! : C:\Windows\uhoii.dll
Removed File! : C:\Windows\dteqx.dll
Removed File! : C:\Windows\jxuhgw.dat
Removed File! : C:\Windows\birci.dll
Removed File! : C:\Windows\zkxfp.dll
Removed File! : C:\Windows\bjmxh.dll
Removed File! : C:\Windows\yzegg.dll
Removed File! : C:\Windows\ohyxr.dll
Removed File! : C:\Windows\eosob.dll
Removed File! : C:\Windows\xeqqj.dll
Removed File! : C:\Windows\rclps.dll
Removed File! : C:\Windows\qqxuj.dll
Removed File! : C:\Windows\rpzun.dll
Removed File! : C:\Windows\gmahd.dll
Removed File! : C:\Windows\axamh.dll
Removed File! : C:\Windows\svfot.dll
Removed File! : C:\Windows\vuvbd.dll
Removed File! : C:\Windows\wnbdn.dll
Removed File! : C:\Windows\jqnze.dll
Removed File! : C:\Windows\hdzfw.dll
Removed File! : C:\Windows\wrzew.dll
Removed File! : C:\Windows\spvao.dll
Removed File! : C:\Windows\knzct.dll
Removed File! : C:\Windows\ialil.dll
Removed File! : C:\Windows\mpjzw.dll
Removed File! : C:\Windows\axdst.dll
Removed File! : C:\Windows\wndjs.dll
Removed File! : C:\Windows\bfyks.dll
Removed File! : C:\Windows\vlnqo.dll
Removed File! : C:\Windows\stciq.dll
Removed File! : C:\Windows\ggldb.dll
Removed File! : C:\Windows\oxwyp.dll
Removed File! : C:\Windows\ypxjg.dll
Removed File! : C:\Windows\oazey.dll
Removed File! : C:\Windows\lrjrm.dll
Removed File! : C:\Windows\bmvxe.dll
Removed File! : C:\Windows\System32\eevfq.dll
Removed File! : C:\Windows\System32\fumgi.dll
Removed File! : C:\Windows\System32\zvjez.dll
Removed File! : C:\Windows\System32\aupyf.dll
Removed File! : C:\Windows\System32\qleol.dll
Removed File! : C:\Windows\System32\zlafr.dll
Removed File! : C:\Windows\System32\nkbda.dll
Removed File! : C:\Windows\System32\fafff.dll
Removed File! : C:\Windows\System32\ddmqu.dll
Removed File! : C:\Windows\System32\zyyjw.dll
Removed File! : C:\Windows\System32\yucld.dll
Removed File! : C:\Windows\System32\odrab.dll
Removed File! : C:\Windows\System32\nydft.dll
Removed File! : C:\Windows\System32\esdjm.dll
Removed File! : C:\Windows\System32\byicp.dll
Removed File! : C:\Windows\System32\yijlu.dll
Removed File! : C:\Windows\System32\ukiht.dll
Removed File! : C:\Windows\System32\tjvtr.dll
Removed File! : C:\Windows\System32\gvrlw.dll
Removed File! : C:\Windows\System32\lmfar.dll
Removed File! : C:\Windows\System32\hjmrp.dll
Removed File! : C:\Windows\System32\bpvpt.dll
Removed File! : C:\Windows\System32\ndyto.dll
Removed File! : C:\Windows\System32\nbcvb.dll
Removed File! : C:\Windows\System32\gydvg.dll
Removed File! : C:\Windows\System32\cukme.dll
Removed File! : C:\Windows\System32\qacwa.dll
Removed File! : C:\Windows\System32\crwic.dll
Removed File! : C:\Windows\System32\fvtgg.dll
Removed File! : C:\Windows\System32\hqrxe.dll
Removed File! : C:\Windows\System32\yslly.dll
Removed File! : C:\Windows\System32\wrqpo.dll
Removed File! : C:\Windows\System32\azpcv.dll
Removed File! : C:\Windows\System32\pqzmi.dll
Removed File! : C:\Windows\System32\ndlsa.dll
Removed File! : C:\Windows\System32\mjkru.dll
Removed File! : C:\Windows\System32\krcff.dll
Removed File! : C:\Windows\System32\cambu.dll
Removed File! : C:\Windows\System32\yjtap.dll
Removed File! : C:\Windows\System32\avuxz.dll
Removed File! : C:\Windows\System32\sjrhh.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:09:24 PM


AboutBuster 5.0 reference file 28
Scan started on [10/10/2005] at [4:11:50 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:13:16 PM


AboutBuster 5.0 reference file 28
Scan started on [10/12/2005] at [4:15:35 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\vngcg.dat
Removed File! : C:\Windows\ijazs.dat
Removed File! : C:\Windows\System32\ajrkv.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:27:38 PM


AboutBuster 5.0 reference file 28
Scan started on [10/17/2005] at [12:15:56 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\xekggv.dat
Removed File! : C:\Windows\uigiwo.dat
Removed File! : C:\Windows\gcsfqs.dat
Removed File! : C:\Windows\yfrutt.dat
Removed File! : C:\Windows\vngcgx.dat
Removed File! : C:\Windows\System32\plgwc.dat
Removed File! : C:\Windows\System32\tgotn.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:23:16 AM


AboutBuster 5.0 reference file 28
Scan started on [10/17/2005] at [2:27:06 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\yfrutt.dat
Removed File! : C:\Windows\tnlxyt.dat
Removed File! : C:\Windows\aswvur.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:28:53 PM


AboutBuster 5.0 reference file 28
Scan started on [10/17/2005] at [2:31:54 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:33:36 PM


AboutBuster 5.1, reference file 32
Scan started on [10/19/2005] at [4:08:25 PM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\WINDOWS\yfrutt.dat
Removed File! : C:\WINDOWS\aswvur.dat
Removed File! : C:\WINDOWS\rgvxzc.dat
Removed File! : C:\WINDOWS\mqtsg.dat
Removed File! : C:\WINDOWS\bdwepx.dat
Removed File! : C:\WINDOWS\epffof.dat
Removed File! : C:\WINDOWS\System32\tlxht.dat
Removed File! : C:\WINDOWS\System32\sjizg.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:12:22 PM

#12 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 19 October 2005 - 04:30 PM

  • Please download Webroot’s SpySweeper Free 14 day trial version.
  • Open and Run the Installer. Double-click the installer file on your desktop to launch the installation wizard.
  • The installation wizard displays. Click Next.
  • Select “I Accept the Agreement” and click Next.
  • Select your install type. Webroot recommends selecting Typical, as this will properly install the software for most users.
  • Click Install when you are ready to install the software.
  • Finish setup and run Spy Sweeper. The Finish button displays when installation is complete. Be sure that Run Spy Sweeper Now is selected and click Finish.
  • Spy Sweeper will ask if you want to update now. Select "yes". After that, the updates will be automatic.
  • Open Spy Sweeper.
  • Click on “Sweep”.
  • Click on “Start”.
  • After Spy Sweeper completes its scan, it will report what it finds.
  • Please post a new HijackThis log.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#13 suebaby41

Posted 15 December 2005 - 04:34 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.