My Internet Goes On And Off - Sysupd.exe Susp.exe Wzazihah.exe


  • This topic is locked
15 replies to this topic

#1 duperman

duperman

  • Members
  • 12 posts

Posted 23 November 2005 - 06:55 AM

Hello, I am rather new and am not sure if this problem could be fixed through HijackThis, but lately my computer's internet has gone on and off a lot. By this I mean that the modem lights are still on, but the browser will not locate the homepage, MSN will not sign in, etc., so the internet does not work. This lasts for a few minutes, then it works again. It has been extremely annoying. If anybody knows why this is happening or how to fix it, please help. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 6:54:13 AM, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~3\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Canon\OpwareSE2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [tuvwbih] C:\WINDOWS\tuvwbih.exe
O4 - HKLM\..\Run: [tmxunoh] C:\WINDOWS\tmxunoh.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hmrclqz] C:\WINDOWS\hmrclqz.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
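The O4 (Run key) and O20 (Winlogon Notify) lines are where this log gets interesting: several autostart binaries sit directly in C:\WINDOWS\ under names like wzazihah.exe, sysupd.exe and susp.exe, and one Winlogon Notify entry points at a .dat file in a Temp folder. The script below is an added example written for this page, not part of the thread and not HijackThis's own logic: it parses O4/O20 lines and scores each entry with a few reviewer heuristics (binary placed in the Windows root, machine-looking file name, Winlogon Notify target in Temp, not a DLL, or missing). The heuristics, weights and threshold are this editor's assumptions for triage, not verdicts; the sample lines are copied from the log above.

```python
"""Triage of HijackThis O4/O20 entries: score autostart lines so a reviewer
sees the unusual ones first. Added example; heuristics are the editor's own,
not HijackThis's, and a high score means "look here", not "malicious"."""
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [tuvwbih] C:\WINDOWS\tuvwbih.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
VOWELS = set("aeiou")


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of a Run value: a quoted path, otherwise the
    unquoted text up to the first known extension, otherwise the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|scr|bat|pif))(?=\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory rather than a
    subfolder such as system32; legitimate autostarts rarely live there."""
    parent = str(PureWindowsPath(path).parent).lower().rstrip("\\")
    return parent in ("c:\\windows", "c:\\winnt", "%systemroot%", "%windir%")


def looks_random(stem: str) -> bool:
    """Crude machine-generated-name check (editor's heuristic): lowercase-only,
    6-10 letters, and either vowel-starved or holding a long consonant run."""
    if not (6 <= len(stem) <= 10 and stem.isalpha() and stem.islower()):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowel_ratio <= 0.3 or longest_run >= 4


def score_o4(exe: str):
    """Weighted reasons for a Run entry; returns (score, [reason, ...])."""
    reasons = []
    if in_windows_root(exe):
        reasons.append(("autostart binary placed directly in the Windows directory", 2))
    if looks_random(PureWindowsPath(exe).stem):
        reasons.append(("file name looks machine-generated", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def score_o20(path: str, missing: bool):
    """Weighted reasons for a Winlogon Notify entry (a DLL loaded at logon)."""
    reasons = []
    p = path.lower()
    if "\\temp\\" in p or "\\locals~1\\" in p:
        reasons.append(("Winlogon Notify target loads from a temp directory", 3))
    if not p.endswith(".dll"):
        reasons.append(("Winlogon Notify target is not a .dll", 2))
    if missing:
        reasons.append(("referenced file is missing (stale or removed entry)", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(log_text: str, threshold: int = 2) -> list:
    """Parse O4/O20 lines and return entries scoring >= threshold, highest first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_from_command(m["cmd"])
            score, reasons = score_o4(exe)
            findings.append({"section": "O4", "name": m["name"], "target": exe,
                             "score": score, "reasons": reasons})
            continue
        m = O20_RE.match(line)
        if m:
            score, reasons = score_o20(m["path"], bool(m["missing"]))
            findings.append({"section": "O20", "name": m["name"], "target": m["path"],
                             "score": score, "reasons": reasons})
    flagged = [f for f in findings if f["score"] >= threshold]
    flagged.sort(key=lambda f: (-f["score"], f["name"].lower()))
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['score']}] {f['section']} {f['name']}: {f['target']}")
        for reason in f["reasons"]:
            print(f"      - {reason}")
```

Run against the sample, the script ranks the dllvss Winlogon Notify entry first, then the Windows-root binaries (SysUpd, jcxqfsr, tuvwbih, susp, wzazihah), while hpsysdrv, ccApp, NvCplDaemon and the Steam entry stay below the threshold. A name heuristic alone misfires on legitimate short vendor names (hpsysdrv trips it), which is why placement carries more weight than spelling; treat the output as an ordering of what to check against vendor documentation, not as a removal list.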


#2 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 28 November 2005 - 12:20 PM

Hi and Welcome to bleeping computer!!

My name is David

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :thumbsup:

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :flowers:
David

#3 duperman

duperman
  • Topic Starter

  • Members
  • 12 posts

Posted 01 December 2005 - 06:27 PM

Hi David. I appreciate you helping me. I followed your instructions (concerning ewido: scan took over two hours, but I was doing stuff too so it probably lagged it. Do you think I should've cleared my cache before using ewido? And, this is a 14 day trial, so that means I can't use it anymore after 14 days right?)

Here is the ewido log. There were 246 objects found and cleaned.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:17:28 PM, 01/12/2005
+ Report-Checksum: 12DCE996

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{13589181-4F0D-4553-B9F8-B4B72172C139}\{53707962-6F74-2D53-2644-206D7942484F}\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{13589181-4F0D-4553-B9F8-B4B72172C139}\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{68132581-10F2-416E-B188-4E648075325A}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{68132581-10F2-416E-B188-4E648075325A}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\{BDF3E430-B101-42AD-A544-FADC6B084872}\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{68132581-10F2-416E-B188-4E648075325A}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\{BDF3E430-B101-42AD-A544-FADC6B084872}\{CE188402-6EE7-4022-8868-AB25173A3E14}\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\{BDF3E430-B101-42AD-A544-FADC6B084872}\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\{BDF3E430-B101-42AD-A544-FADC6B084872}\{CE188402-6EE7-4022-8868-AB25173A3E14}\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\Cache\008AB2B1d01 -> Spyware.BookedSpace : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\adx1su1s.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\uxomjm6j.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\ptfelo.dat -> Spyware.VirtuMonde : Cleaned with backup
:mozilla.50:C:\found.000\file0000.chk -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\found.000\file0000.chk -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\found.000\file0000.chk -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\found.000\file0000.chk -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\found.000\file0000.chk -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.58:C:\found.000\file0000.chk -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.59:C:\found.000\file0000.chk -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\found.000\file0000.chk -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.73:C:\found.000\file0000.chk -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.74:C:\found.000\file0000.chk -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.78:C:\found.000\file0000.chk -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.85:C:\found.000\file0000.chk -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.86:C:\found.000\file0000.chk -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/lsp.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@180solutions[2].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@a.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@ads.specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@bis.180solutions[1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
-> : Error during cleaning
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@data.coremetrics[2].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@ehg-learningco.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@ehg-tickleinc.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@internetfuel[2].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@realmedia[2].txt -> Spyware.Cookie.Realmedia : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@w132.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/documents and settings/owner/cookies/owner@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/cd_htm.dll -> Spyware.Cydoor : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/sahagent.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/sahagent1019.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/sahhtml.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/popoops.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/popoops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/swlad1.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/swlad2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/bargain buddy/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/bargain buddy/bin/apuc.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/bargain buddy/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/msbb321_2.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/ncmyb.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/downloaded program files/lsp_.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/downloaded program files/sahagent_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/downloaded program files/sahhtml_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/downloaded program files/webinstaller.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/wt/wtupdates/wtwebdriver/files/3.2.0.007/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/wt/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/docume~1/owner/locals~1/temp/thi3efe.tmp/preinstt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/docume~1/owner/locals~1/temp/thi3efe.tmp/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/clearsearch/csbiinst.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/clearsearch/csie.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/clearsearch/csieinst.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/clearsearch/csssinst.dll -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/clearsearch/loader.exe -> Backdoor.Ruledor.e : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/nem214.dll -> Downloader.Dyfuca.j : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/nem216.dll -> Downloader.Dyfuca.bx : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/internet optimizer/actalert.exe -> Downloader.Dyfuca.bw : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/internet optimizer/optimize.exe -> Downloader.Dyfuca.bq : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/internet optimizer/update/actalert.exe -> Downloader.Dyfuca.bw : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/internet optimizer/update/optimize.exe -> Downloader.Dyfuca.bq : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/wupdt.exe -> Downloader.OneClickNetSearch.g : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/lycos/sidesearch/clrschuninstall_78_86.exe -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/lycos/sidesearch/sidesearch1400.dll -> Spyware.SideSearch : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/host.dll -> Spyware.BiSpy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/hostprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/bridge.dll -> Logger.Briss.h : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/system32/a.exe -> Logger.Briss.c : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/Bargain Buddy/bin2/apuc.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/Bargain Buddy/bin2/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/Bargain Buddy/bin2/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/program files/WildTangent/Components/SystemConfig0100.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Ad-aware 6\Cache\534218/c:/windows/wt/wtupdates/wtwebdriver/files/3.2.0.007/npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\RECYCLER\S-1-5-21-590939178-2238308267-2967840483-1003\Dc150.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\RECYCLER\S-1-5-21-590939178-2238308267-2967840483-1003\Dc42.com -> Backdoor.Rbot.oa : Cleaned with backup
C:\WINDOWS\addins\ipw.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\addins\vbvga.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\addins\wmsinet.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\AppPatch\abrc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\AppPatch\hardlog.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\AppPatch\kbps.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\assembly\GAC\Accessibility\rasdns.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\assembly\kbvb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\assembly\wavewms.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\cmdtask.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Config\taskap.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Cursors\abrwin.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Cursors\libdrv.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\Cursors\svcdos.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Cursors\winvss.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Driver Cache\dllabr.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Fonts\abrfont.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Fonts\skb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Fonts\syscab.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Fonts\urltcp.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Help\wmsfont.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\inf\dosmfc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\inf\tcpdll.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\java\abrlog.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\java\classes\comw.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Microsoft.NET\bakjava.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Microsoft.NET\odbcbin.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Microsoft.NET\pcac.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\mp3cat.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\msagent\dnsdvd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\msagent\olereg.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Registration\dosplay.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Registration\imgweb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Registration\xmlav.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\repair\bak.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\repair\faxexp.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\repair\pcreg.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\repair\unabr.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\security\Database\addisk.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\security\Database\dllcat.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\security\Database\srvinet.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\security\logs\tapiiis.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\security\oleabr.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\avms.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\cabimg.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\jpegw.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\mcmain.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\msvb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ServicePackFiles\svchard.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\speech\commc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\speech\javakb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system\dnsweb.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\apdd.dll -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\system32\axuninstall.exe -> Spyware.BlazeFind : Cleaned with backup
C:\WINDOWS\system32\bdlds.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\bits\inetinfo.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\config\imgtask.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\system32\config\keycat.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\DRVSTORE\vssbak.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\logkey.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\Microsoft\pccmd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\MoreResultsSetup.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\pcintro\ipiis.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\scvi50.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\Setup\mfcxml.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\sysload.dll -> Downloader.Le16.a : Cleaned with backup
C:\WINDOWS\Tasks\aswms.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\Tasks\avole.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Tasks\euladoc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Tasks\olead.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Tasks\rasnut.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\tcpip.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\vsstcp.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Web\nutbin.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Web\printers\olesvc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Web\printers\winhard.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Web\unrun.dll.vir -> Trojan.Agent.cs : Cleaned with backup
C:\WINDOWS\winanti.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\wmstask.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End



I still see Virtumonde in there, but I have run FixVundo and VirtumundoBeGone before, so it's odd that it's still here. Here is my new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:24:22 PM, on 01/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~3\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Canon\OpwareSE2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [tuvwbih] C:\WINDOWS\tuvwbih.exe
O4 - HKLM\..\Run: [tmxunoh] C:\WINDOWS\tmxunoh.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hmrclqz] C:\WINDOWS\hmrclqz.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 02 December 2005 - 02:30 AM

Please download WebRoot SpySweeper from HERE (it's a 2-week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log
David

#5 duperman
  • Topic Starter

  • Members
  • 12 posts

Posted 03 December 2005 - 10:51 AM

Here is my session log. I have a question: when do you think it is an appropriate time to clear the quarantine? Is it OK to just leave the files quarantined?

********
9:08 AM: | Start of Session, December 3, 2005 |
9:08 AM: Spy Sweeper started
9:08 AM: Sweep initiated using definitions version 577
9:08 AM: Starting Memory Sweep
9:15 AM: Memory Sweep Complete, Elapsed Time: 00:07:24
9:15 AM: Starting Registry Sweep
9:15 AM: Found Adware: cws-aboutblank
9:15 AM: HKCR\protocols\filter\text/html\ (ID = 114343)
9:15 AM: HKLM\software\classes\protocols\filter\text/html\ (ID = 115907)
9:15 AM: Found Adware: virtumonde
9:15 AM: HKLM\software\microsoft\windows\currentversion\run\ || sysupd (ID = 143551)
9:15 AM: Found Trojan Horse: sysup
9:15 AM: HKLM\software\microsoft\windows\currentversion\run\ || sysupd (ID = 143551)
9:15 AM: Found Adware: directrevenue-abetterinternet
9:15 AM: HKLM\software\microsoft\windows\currentversion\run\ || susp (ID = 146064)
9:15 AM: Found Trojan Horse: trojan-downloader-2pursuit
9:15 AM: HKCR\clsid\{405132a4-5dd1-4ba8-a181-95c8d435093a}\ (5 subtraces) (ID = 530420)
9:15 AM: HKLM\software\classes\clsid\{405132a4-5dd1-4ba8-a181-95c8d435093a}\ (5 subtraces) (ID = 530421)
9:15 AM: HKU\S-1-5-21-590939178-2238308267-2967840483-1003\software\microsoft\gg\conf\ (84 subtraces) (ID = 802702)
9:15 AM: Found Adware: sidesearch
9:15 AM: HKU\S-1-5-21-590939178-2238308267-2967840483-1003\software\microsoft\internet explorer\searchurl\ || provider (ID = 826438)
9:16 AM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
9:16 AM: Registry Sweep Complete, Elapsed Time:00:00:28
9:16 AM: Starting Cookie Sweep
9:16 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:16 AM: Starting File Sweep
9:56 AM: Found Adware: lopdotcom
9:56 AM: comver.dll (ID = 111424)
10:05 AM: File Sweep Complete, Elapsed Time: 00:48:58
10:05 AM: Full Sweep has completed. Elapsed time 00:55:30
10:05 AM: Traces Found: 105
10:37 AM: Removal process initiated
10:37 AM: Quarantining All Traces: cws-aboutblank
10:37 AM: Quarantining All Traces: directrevenue-abetterinternet
10:37 AM: Quarantining All Traces: lopdotcom
10:37 AM: Quarantining All Traces: virtumonde
10:37 AM: Quarantining All Traces: sidesearch
10:37 AM: Quarantining All Traces: sysup
10:37 AM: Quarantining All Traces: trojan-downloader-2pursuit
10:38 AM: Removal process completed. Elapsed time 00:00:30
********
8:54 AM: | Start of Session, December 3, 2005 |
8:54 AM: Spy Sweeper started
8:55 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
9:06 AM: Processing Startup Alerts
9:06 AM: Removed Startup entry: mmtask
9:07 AM: Your spyware definitions have been updated.
9:08 AM: | End of Session, December 3, 2005 |


---

It's funny, because I have used Webroot SpySweeper before and the trial ran out, so I didn't think I'd be able to use it again. But, alas, it let me, maybe because I entered a different e-mail?

Here is my logfile now.

---


Logfile of HijackThis v1.99.1
Scan saved at 10:49:08 AM, on 03/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~3\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Canon\OpwareSE2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [tuvwbih] C:\WINDOWS\tuvwbih.exe
O4 - HKLM\..\Run: [tmxunoh] C:\WINDOWS\tmxunoh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hmrclqz] C:\WINDOWS\hmrclqz.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 -David-
Posted 03 December 2005 - 11:18 AM

Please do both of the following before we start, if possible:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found, for the same reasons as above.
_____________________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [tuvwbih] C:\WINDOWS\tuvwbih.exe
O4 - HKLM\..\Run: [tmxunoh] C:\WINDOWS\tmxunoh.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKLM\..\Run: [hmrclqz] C:\WINDOWS\hmrclqz.exe
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)

_____________________

Boot into Safe Mode

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\wzazihah.exe
C:\WINDOWS\tuvwbih.exe
C:\WINDOWS\tmxunoh.exe
C:\WINDOWS\jcxqfsr.exe
C:\WINDOWS\hmrclqz.exe
C:\WINDOWS\SYSTEM32\avw2.dll

_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)
_____________________

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
_____________________

Finally go to Control Panel > Internet Options.
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

Empty the Recycle Bin.
_____________________

Reboot to normal mode and post a new HJT log
David
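The entries David singled out above share two mechanical tells: O4 autorun items whose executable sits directly in C:\WINDOWS under a throwaway lowercase name, and O20 Winlogon Notify packages that point into a Temp folder, are reported as missing, are not even a .dll, or are simply not a package the operator recognises. The script below is an added example written for this thread; it is not code from HijackThis, from the poster or from the helper. It parses O4 and O20 lines in the HijackThis v1.99.1 log format and applies exactly those checks. The sample log lines are constructed to match the shape of this thread's entries, and the allowlist of vetted Winlogon Notify packages is an assumption that an operator would maintain for their own machine.

```python
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis v1.99.1 log format, shaped after the
# entries discussed in this thread (not a verbatim copy of the poster's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [wzazihah] C:\WINDOWS\wzazihah.exe
O4 - HKLM\..\Run: [jcxqfsr] C:\WINDOWS\jcxqfsr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: dllvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvlld.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# First token of the command: a quoted or unquoted path ending in a binary extension.
TARGET_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|dat))"?(?=\s|$)', re.IGNORECASE)
# Crude proxy for the throwaway names in the thread (wzazihah, jcxqfsr, ...):
# nothing but lowercase letters. Only applied to files sitting directly in C:\WINDOWS.
LOWER_ALPHA_RE = re.compile(r"^[a-z]{6,9}$")

# Assumption: Winlogon Notify packages the operator has already vetted on this
# machine. Notify DLLs are loaded by winlogon.exe itself, so anything not on
# this list is surfaced for a manual look rather than silently accepted.
KNOWN_NOTIFY = {"igfxcui", "opxpgina", "wrnotifier"}


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _target_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of an O4 command line, quoted or not."""
    m = TARGET_RE.match(cmd.strip())
    return m.group("path") if m else None


def _in_windows_root(path: str) -> bool:
    # ntpath understands Windows separators on any host, so this runs offline anywhere.
    return ntpath.dirname(path).lower().rstrip("\\") == r"c:\windows"


def _stem(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0]


def check_o4(line: str) -> list[Finding]:
    """Flag autorun entries that drop a random-looking executable straight into C:\\WINDOWS."""
    m = O4_RE.match(line)
    if not m:
        return []
    path = _target_path(m.group("cmd"))
    if path is None:
        return []
    if _in_windows_root(path) and LOWER_ALPHA_RE.match(_stem(path)):
        return [Finding(line, "autorun executable sits directly in C:\\WINDOWS under a random-looking lowercase name")]
    return []


def check_o20(line: str) -> list[Finding]:
    """Flag Winlogon Notify packages by location, existence, file type and allowlist."""
    m = O20_RE.match(line)
    if not m:
        return []
    name, path = m.group("name"), m.group("path")
    reasons = []
    if m.group("missing"):
        reasons.append("Winlogon Notify target is missing (dangling persistence entry)")
    if "\\temp\\" in path.lower():
        reasons.append("Winlogon Notify target lives in a Temp folder")
    if ntpath.splitext(path)[1].lower() != ".dll":
        reasons.append("Winlogon Notify target is not a .dll")
    if name.lower() not in KNOWN_NOTIFY:
        reasons.append(f"Winlogon Notify package '{name}' is not on the allowlist")
    return [Finding(line, r) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Run every heuristic over each log line and return everything that was flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(check_o4(line))
        findings.extend(check_o20(line))
    return findings


def flagged_names(log_text: str) -> set[str]:
    """Just the [name] / package names that were flagged, for a quick glance."""
    names = set()
    for f in triage(log_text):
        m = O4_RE.match(f.line) or O20_RE.match(f.line)
        names.add(m.group("name"))
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run as a script it prints one reason per flagged entry; against the constructed sample it surfaces wzazihah, jcxqfsr, dllvss (four reasons) and avw2. Note the limit of the path-based checks: avw2.dll is only surfaced because it is not on the allowlist, since a DLL in system32 with a plausible name looks fine on location alone, which is exactly why the helper later asked for the file itself to be uploaded for analysis.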

#7 duperman (Topic Starter)
Posted 03 December 2005 - 07:16 PM

KillBox couldn't delete anything; the files either did not exist or could not be deleted.


Logfile of HijackThis v1.99.1
Scan saved at 7:12:42 PM, on 03/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\progra~1\valve\steam\steam.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hijackthis\HijackThis\hijackthis.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~3\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Canon\OpwareSE2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 -David-
Posted 04 December 2005 - 09:40 AM

Nearly there!

Make sure that you can see hidden files (Windows XP).
  • Click "Start".
  • Click "My Computer".
  • Select the "Tools" menu and click "Folder Options".
  • Select the "View" tab.
  • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Click "Yes" to confirm.
  • Uncheck the "Hide file extensions for known file types".
  • Click "OK".

Please go here and upload these files so I can examine them and distribute them to antivirus companies.

Just press New Topic (with the topic name "files for D_Trojanator"), fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer.

If there is more than one file, press the More Attachments button for each extra file and browse and select as before; when all the files are listed in the window, press Send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:

c:\windows\system32\avw2.dll

Thanks, and I'll get back to you!

David

Edited by D-Trojanator, 04 December 2005 - 09:52 AM.


#9 duperman (Topic Starter)
Posted 04 December 2005 - 06:11 PM

Roger that sir, I uploaded the thing.

I put it back to not viewing hidden files and protecting hidden operating files, is that OK? Or do I still need your settings for it to work properly?

#10 -David-
Posted 05 December 2005 - 04:03 PM

Hi Duperman

The attachment isn't showing - please can you try again?

David

#11 duperman (Topic Starter)
Posted 06 December 2005 - 09:31 PM

I think it should work now.

#12 -David-
Posted 07 December 2005 - 12:33 PM

OK, it looks bad, just checking!

David

#13 -David-
Posted 09 December 2005 - 12:25 PM

Please go here:
http://securityresponse.symantec.com/avcen...virtumonde.html

...and run the free removal tool.

Reboot when it's finished and post a new HJT log
David

#14 duperman (Topic Starter)
Posted 13 December 2005 - 10:28 PM

Sorry, I have been away. Unfortunately, that program said it didn't find anything. Here's the new list.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:47 PM, on 13/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\progra~1\valve\steam\steam.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis\hijackthis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\INSTAL~3\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Canon\OpwareSE2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks a lot for your patience.

#15 -David-
Posted 14 December 2005 - 11:46 AM

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor
Once your log is clean you can re-enable Spyware Doctor.
______________

Open Ewido by double-clicking the yellow 'E' icon in the system tray.
In the 'Your security status' section, toggle the Ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
When you reboot, Ewido will prompt you as to whether you would like to "Restart the guard?".
Reply 'no' and set it to 'inactive' for the duration of your cleanup.
________________

You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

SpySweeper
  • Open SpySweeper
  • Click Options
  • Click Program Options
  • Uncheck Load at windows startup.
  • Click Shields
  • Uncheck everything.
  • Uncheck Home Page Shield.
  • Uncheck Automatically restore default without notification.
Don't forget to re-instate Spysweeper when your machine is clean by re-checking everything you unchecked above.
________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
________________

Boot into Safe Mode
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into Safe Mode.

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\windows\system32\avw2.dll
___________________

Reboot to normal mode and post a new HJT log
David
