Winfixer But Still Nothing Found With Hijack This


15 replies to this topic

#1 Arnagath

Posted 16 January 2006 - 03:10 PM

This is what my HijackThis .log file looks like.



Logfile of HijackThis v1.99.1
Scan saved at 8:50:42 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\bcjixuk.exe
C:\Documents and Settings\Ebba\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fotydugbayf.com/e6Q9u_LfCjWZAuU...pfuXsQFBoVu.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E65BB3BE-F68D-8EAC-E341-FE6A5664233B} - C:\DOCUME~1\Ebba\APPLIC~1\STOPMA~1\Regs Bend.exe (file missing)
O2 - BHO: bold jump rule - {EFB10717-5C74-4AAE-AE07-E05ACC03290A} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: bows flap free - {3819BA5B-1A10-69B6-AFEC-78BB2B61981B} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Deamon Tools files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [cgcqvfe] C:\WINDOWS\System32\oaeqwh.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ownsbaitmorehtm] C:\Documents and Settings\All Users\Application Data\Anteforkownsbait\wma cash.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dvkmrn] C:\WINDOWS\system32\bcjixuk.exe r
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [kbdnmp] C:\WINDOWS\System32\kbdnmp.exe
O4 - HKCU\..\Run: [ZBroadband Router Utility] C:\Broadband Router\Gate-MON V3.00.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'csloa.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091103.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_spy.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...T64106/thin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/060208be.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...FreeInstall.cab
O16 - DPF: {FFFF0021-0002-101A-A3C9-08002B2F49FB} - http://www.7adpower.com/dialer/A091BEL.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe





There really do not seem to be any problems, but once in a while I get a Windows message saying that I should download WinFixer; sometimes it happens so frequently that I can't even use the computer. Sometimes not at all. I have tried Norton's tutorial but that does not help.

Of note is that I get a lot of porn ads from something called great offers with a little flower as a symbol. On the website it seems to be a real company. I have uninstalled all ad programs several times but they keep coming back; they do so after the first WinFixer message.
I also get 2 different types of toolbars on the bottom of the screen that I really want to get rid of.

Is this really WinFixer or some other thing?

Of course I see the adpower and main search bar things in the log, though I don't dare touch them before I know for sure that they are good to go.


Thank you in advance for any replies.



#2 Daisuke


Posted 21 January 2006 - 07:50 AM

Hi,

Sorry for this delay. Please post a fresh HijackThis log if you still have problems.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 Arnagath


Posted 22 January 2006 - 03:30 PM

Sorry for the delay, I was checking in on my father and was far away from my computer.
The thing is that I don't always get this problem; it is only sometimes, but when it starts it keeps on going and going and I can't get the download WinFixer to go away.


Logfile of HijackThis v1.99.1
Scan saved at 9:26:53 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\liorcgx.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Deamon Tools files\daemon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HP All in one\Digital Imaging\bin\hpotdd01.exe
D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\HP All in one\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
D:\HP All in one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ebba\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fotydugbayf.com/e6Q9u_LfCjWZAuU...pfuXsQFBoVu.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E65BB3BE-F68D-8EAC-E341-FE6A5664233B} - C:\DOCUME~1\Ebba\APPLIC~1\STOPMA~1\Regs Bend.exe (file missing)
O2 - BHO: bold jump rule - {EFB10717-5C74-4AAE-AE07-E05ACC03290A} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: bows flap free - {3819BA5B-1A10-69B6-AFEC-78BB2B61981B} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Deamon Tools files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [cgcqvfe] C:\WINDOWS\System32\oaeqwh.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ownsbaitmorehtm] C:\Documents and Settings\All Users\Application Data\Anteforkownsbait\wma cash.exe
O4 - HKLM\..\Run: [fminvp] C:\WINDOWS\system32\liorcgx.exe r
O4 - HKCU\..\Run: [kbdnmp] C:\WINDOWS\System32\kbdnmp.exe
O4 - HKCU\..\Run: [ZBroadband Router Utility] C:\Broadband Router\Gate-MON V3.00.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'csloa.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091103.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_spy.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...T64106/thin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/060208be.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...FreeInstall.cab
O16 - DPF: {FFFF0021-0002-101A-A3C9-08002B2F49FB} - http://www.7adpower.com/dialer/A091BEL.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 Daisuke


Posted 23 January 2006 - 01:06 AM

Hi,

Uninstall from Add\Remove Programs:
ISTsvc

If you cannot uninstall the program use this Symantec tool: http://securityresponse.symantec.com/avcenter/FxIstbar.exe

Also uninstall: NetAnts


Please download LSPFix from:

LSP-Fix

Disconnect from the Internet and close all Internet Explorer windows. Then run the program, check the "I know what I'm doing" button and place all listings of

csloa.dll

into the Remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section, press the Finish button.

Reboot.

To see a tutorial on how to use this program click the link below:
Using LSP-Fix to remove LSP Spyware & Hijackers


Print out the next instructions, or save them in Notepad, because you'll have a lot of steps to take (in the right order) and you also have to work in safe mode, so this page won't be available then.

* Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd %windir%
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

* Make sure all hidden files and folders are visible (Instructions)

* Please download, install, update and scan your system with the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After updating ewido please exit the program! We will use it later!
* Reboot your computer into safe mode (Instructions)

* Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fotydugbayf.com/e6Q9u_LfCjWZAuU...pfuXsQFBoVu.jpg

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {E65BB3BE-F68D-8EAC-E341-FE6A5664233B} - C:\DOCUME~1\Ebba\APPLIC~1\STOPMA~1\Regs Bend.exe (file missing)
O2 - BHO: bold jump rule - {EFB10717-5C74-4AAE-AE07-E05ACC03290A} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)

O3 - Toolbar: bows flap free - {3819BA5B-1A10-69B6-AFEC-78BB2B61981B} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [cgcqvfe] C:\WINDOWS\System32\oaeqwh.exe
O4 - HKLM\..\Run: [ownsbaitmorehtm] C:\Documents and Settings\All Users\Application Data\Anteforkownsbait\wma cash.exe
O4 - HKLM\..\Run: [fminvp] C:\WINDOWS\system32\liorcgx.exe r
O4 - HKCU\..\Run: [kbdnmp] C:\WINDOWS\System32\kbdnmp.exe

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091103.exe
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_spy.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...T64106/thin.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/060208be.exe
O16 - DPF: {FFFF0021-0002-101A-A3C9-08002B2F49FB} - http://www.7adpower.com/dialer/A091BEL.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


* After checking these items, close all browser windows except HijackThis and click "Fix checked".

Stay in Safe Mode

* Please double-click on remove.bat. A window should open and close very quickly --- this is normal.

* Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

* Start Ewido
  • Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report", because we will need that later.
* Reboot your system back to normal mode.

* Download FindIt's.zip
  • Unzip it to your desktop. Make sure the FindIt's.bat and XFind.com are together in the same UNZIPPED folder!
  • Doubleclick FindIt's.bat. When the scan is done, it will produce a log.
  • Post that log in your next reply together with a fresh HijackThis log and the log from Ewido.
* Download and unzip to one folder, for example c:\findlop:
http://www.fbeej.dk/Programmer/findlop.zip

Inside the folder find findlop.bat.

Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
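
Added example (not part of any post in this thread, and not HijackThis code): a small Python script that parses the "O4 ... Run" lines of two HijackThis logs and compares them, using lines copied from the 16 and 22 January logs above. The pairing rule (same hive, folder and arguments, but a different value name and file name) is an assumption chosen for illustration, and all function names are hypothetical.

```python
import ntpath
import re
from collections import namedtuple

# Excerpts copied from the two HijackThis logs posted in this thread.
SCAN_1 = r"""
C:\WINDOWS\system32\bcjixuk.exe
O2 - BHO: bold jump rule - {EFB10717-5C74-4AAE-AE07-E05ACC03290A} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [cgcqvfe] C:\WINDOWS\System32\oaeqwh.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [dvkmrn] C:\WINDOWS\system32\bcjixuk.exe r
O4 - HKCU\..\Run: [kbdnmp] C:\WINDOWS\System32\kbdnmp.exe
"""
SCAN_2 = r"""
C:\WINDOWS\system32\liorcgx.exe
O2 - BHO: bold jump rule - {EFB10717-5C74-4AAE-AE07-E05ACC03290A} - C:\PROGRA~1\STOPMA~1\peak defy.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cgcqvfe] C:\WINDOWS\System32\oaeqwh.exe
O4 - HKLM\..\Run: [fminvp] C:\WINDOWS\system32\liorcgx.exe r
O4 - HKCU\..\Run: [kbdnmp] C:\WINDOWS\System32\kbdnmp.exe
"""

RunEntry = namedtuple("RunEntry", "hive name path args")

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command line"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Split a command line into file path and arguments; the path may be quoted
# or may contain unquoted spaces, so cut at the first executable extension.
CMD_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|dll))"?(?:\s+(?P<args>.*))?$', re.I)


def parse_entries(log_text):
    """Return (code, body) for each 'XX - ...' line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def run_entries(log_text):
    """Map (hive, value name) -> RunEntry for the O4 registry autostart lines."""
    found = {}
    for code, body in parse_entries(log_text):
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # e.g. "Global Startup" shortcuts are not registry values
        c = CMD_RE.match(m.group("cmd"))
        path = c.group("path") if c else m.group("cmd")
        args = (c.group("args") or "") if c else ""
        found[(m.group("hive"), m.group("name"))] = RunEntry(
            m.group("hive"), m.group("name"), path, args)
    return found


def diff_scans(old_text, new_text):
    """Return (removed, added) autostart entries between two scans."""
    old, new = run_entries(old_text), run_entries(new_text)
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


def renamed_autostarts(old_text, new_text):
    """Pair removed/added entries that share hive, folder and arguments."""
    removed, added = diff_scans(old_text, new_text)
    pairs = []
    for r in removed:
        for a in added:
            same_dir = ntpath.dirname(r.path).lower() == ntpath.dirname(a.path).lower()
            if r.hive == a.hive and same_dir and r.args == a.args:
                pairs.append((r.name, ntpath.basename(r.path),
                              a.name, ntpath.basename(a.path)))
    return pairs


def missing_targets(log_text):
    """Entries HijackThis marked '(file missing)': the registry data outlived the file."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith("(file missing)")]


if __name__ == "__main__":
    for old_name, old_file, new_name, new_file in renamed_autostarts(SCAN_1, SCAN_2):
        print(f"Run value [{old_name}] {old_file} reappeared as [{new_name}] {new_file}")
    for code, body in missing_targets(SCAN_2):
        print(f"{code} entry with missing file: {body}")
```

An entry that comes back under a new value name and file name between scans will not match a fix list built from the older log, which is why a fresh log is taken before checking items.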


#5 Arnagath


Posted 24 January 2006 - 08:07 AM

Well OK, did everything, though the FindIt's.zip link does not work, so I only got you the Ewido and the HijackThis logs.

You are not going to read all that are you????


Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:54:55 PM, 1/24/2006
+ Report-Checksum: 1D0AC069

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000} -> Spyware.Transponder : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822} -> Spyware.eGroup : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} -> Spyware.SpeedDelivery : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML\CLSID -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML.1 -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial\CLSID -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial.1 -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{59EBB576-CEB0-42FA-9917-DA6254A275AD} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\Nsconfig.nsBrowserConfig.3 -> Spyware.MarketScore : Cleaned with backup
HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8E0D8965-B97B-468D-8306-A05929E439C1} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\VX2.VX2Obj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSE.1 -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\ComSoft -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_rs -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\MainPean Highspeed -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\netsetter -> Spyware.MarketScore : Cleaned with backup
HKLM\SOFTWARE\netsetter\aol -> Spyware.MarketScore : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\BTGrab -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\ComSoft -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\ComSoft\Dialers -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\ComSoft\Dialers\EasyDates_be -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-1343024091-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} -> Spyware.SaveNow : Cleaned with backup
[888] C:\WINDOWS\system32\lrktcz.exe -> Trojan.Agent.cp : Cleaned with backup
C:\WINDOWS\system32\lrktcz.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\krnzid.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\ds3den.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\tt_reco.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\kd1mpv.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\EGDHTML_1021.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\tcppro.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\den_32.dll -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\system32\den_32.exe -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\A091103.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\058898be.exe -> Worm.Barole.A : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UGO20.exe -> Downloader.Small.fe : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\057098127.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\058898be.exe -> Worm.Barole.A : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGO20.exe -> Downloader.Small.fe : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\060208be.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\wzsex10x.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\WINDOWS\SET6.tmp -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\SETA.tmp -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\_DlrApps\wzsex10x.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\tinybar.exe -> Downloader.IstBar.at : Cleaned with backup
C:\WINDOWS\OLD18.tmp -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\alchem.exe -> Downloader.Alchemic : Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\T6U33KC9\060179lu[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\T6U33KC9\hdplugin_1015_bundle43v2d12[1].cab/HDPlugin1015.dll -> Spyware.Browsertoolbar : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\TLF3RZ2B\warn060208be[1].exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\5OK75T8L\istbar[1].dll -> Downloader.IstBar.dh : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\5OK75T8L\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\5OK75T8L\power_remove[1].exe -> Downloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\C5I749MN\exitpop[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\C5I749MN\EGDHTML_XP[1].cab/EGDHTML_1021.dll -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\C5I749MN\UGO20[1].exe -> Downloader.Small.fe : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\GX6NWLEB\060208be[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Fredrik\Local Settings\Temporary Internet Files\Content.IE5\C5EB0D2J\IeBHOs[1].dll -> Spyware.Toolbar.f : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@z8257.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@ayb.lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@t11294.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@g5484.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@c8443.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@l1541.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@sk235lkg.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@images.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Fredrik\Cookies\fredrik@ayb.lop[4].txt -> Spyware.Cookie.Lop : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Lop : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Fredrik\Application Data\Mozilla\Profiles\default\1p4lezte.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ebba\Local Settings\Temp\cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
C:\Documents and Settings\Ebba\Local Settings\Temporary Internet Files\Content.IE5\G9YZ8PEZ\IeBHOs[1].dll -> Spyware.Toolbar.l : Cleaned with backup
C:\Documents and Settings\Ebba\Local Settings\Temporary Internet Files\Content.IE5\416FOTAN\pi[1].exe -> Downloader.Small.afq : Cleaned with backup
C:\Documents and Settings\Ebba\Desktop\backups\backup-20060124-115745-916.dll -> Adware.E2Give : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@images.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ebba\Cookies\ebba@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Ebba\Application Data\Phoenix\Profiles\default\xf7q3gk4.slt\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Axel\Local Settings\Temp\DrTemp\INTLRECO.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Axel\Local Settings\Temp\btgrab.cab/polall1b.exe -> Trojan.Agent.ay : Cleaned with backup
C:\Documents and Settings\Axel\Local Settings\Temp\polall1b.exe -> Trojan.Agent.ay : Cleaned with backup
C:\Documents and Settings\Axel\Local Settings\Temp\istsv_.exe -> Downloader.IstBar.bo : Cleaned with backup
C:\Documents and Settings\Axel\Local Settings\Temp\WMI\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenU\Learn More About Save!.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenU\Learn More About SaveNow.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenUSearch -> Adware.WhenU : Cleaned with backup
C:\Documents and Settings\Axel\Start Menu\Programs\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : Cleaned with backup
C:\Documents and Settings\Axel\Desktop\FreeMyEmoticonsV7Romance.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Desktop\FreeMyEmoticonsV7Romance.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Desktop\FreeMyEmoticonsV7Active.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Desktop\FreeMyEmoticonsV7Active.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@lop[3].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@ayb.lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@w18245.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@v21725.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@i1410.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@m16798.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@x21133.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@lop[4].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Axel\Cookies\axel@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Popularix : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Axel\Application Data\Phoenix\Profiles\default\v8bm2wai.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTbar -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTbar\Thumbs.db -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTbar\iuhdsf.bin -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\altnet -> Adware.Altnet : Cleaned with backup
C:\Program Files\altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup
C:\Program Files\E2G\IeBHOs.tmp -> Spyware.Toolbar.l : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076292.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076313.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076328.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076348.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076377.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076446.dll -> Spyware.Cydoor : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076452.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076472.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076490.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076493.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076494.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076495.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP427\A0076496.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP417\A0074089.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074326.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074367.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074376.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074377.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074381.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074385.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074387.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074397.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074398.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074399.dll -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074413.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP418\A0074422.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074494.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074508.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074528.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074550.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074562.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP419\A0074623.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074642.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074656.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074688.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074702.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074717.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP420\A0074732.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP421\A0074761.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP421\A0074777.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP421\A0074791.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP421\A0074818.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP421\A0075815.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP422\A0075831.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP422\A0075848.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP422\A0075864.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP422\A0075878.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP423\A0075890.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP423\A0075900.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP423\A0075914.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{B8F3FCDB-D762-4EBE-A634-544B703F70C0}\RP424\A0075932.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End





Hijack This log put in post below because it could not fit.

Edited by Arnagath, 24 January 2006 - 08:12 AM.


#6 Arnagath

Posted 24 January 2006 - 08:10 AM

Seems hijack this log does not fit.

Logfile of HijackThis v1.99.1
Scan saved at 2:06:03 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\Deamon Tools files\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\HP All in one\Digital Imaging\bin\hpotdd01.exe
D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\HP All in one\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
D:\HP All in one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\oellibtxprg.exe
C:\WINDOWS\oellibtxprg.exe
C:\Documents and Settings\Ebba\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Deamon Tools files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ZBroadband Router Utility] C:\Broadband Router\Gate-MON V3.00.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#7 Daisuke

Posted 24 January 2006 - 04:25 PM

You are not going to read all that are you????

Don't worry :thumbsup:, I can read it very quick.

1, Please download FindIt.Zip from http://ralphcaddell.com/Uploads/FindIt.zip and unzip it to your desktop.
Open the FindIt folder and run the 'Find.bat' file.
A text file called Output.txt will be created.
Save this file and post its contents in your next reply.



2, Download and unzip to one folder, for example c:\findlop:
http://www.fbeej.dk/Programmer/findlop.zip

Inside the folder find findlop.bat.

Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#8 Arnagath

Posted 25 January 2006 - 09:23 AM

findlop worked well

this is that log

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/28/2004 18:47:13
NextRun: 01/25/2006 15:17:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0x65
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/28/2004
EndDate: 00/00/0000
StartTime: 22:47
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: AtLogon
StartDate: 03/05/2003
EndDate: 00/00/0000
StartTime: 20:20
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 2170 series#1074193447
.job'
[TRACE] Printing all job properties

ApplicationName: 'D:\HP All in one\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 2170 series#1074193447"'
WorkingDirectory: ''
Comment: ''
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 01/25/2006 20:05:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/15/2004
EndDate: 00/00/0000
StartTime: 20:05
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NAVW32.exe'
Parameters: '/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/18/2004 20:00:00
NextRun: 01/27/2006 20:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 04/28/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'ABAEBC4D91B92F2D.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\axel\applic~1\transi~1\Enc Army Manager.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Axel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/28/2005 16:00:00
NextRun: 01/25/2006 16:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/15/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0



Though FindIt does not seem to work. I only get a "file not found message" and I don't get an output.txt file.
Though I do get a whole lot of other files called everything from gibberish.txt to hidden.txt. They include system information and files on my computer. Shall I post the contents of all of those files?

Though the WinFixer ads have stopped and everything seems to be cool. It could be because I tried out using NetLimiter to cut off the connection to the ad program that sends me ads. That program is still in the Add/Remove software list, by the way. It is called "the best offers".


Oh, and the last program in the findlop.txt file, I have no idea what it does. I really don't have any army management tools on my computer. Or shouldn't have, I must say.


Btw, thanks again for all the work. Say, why do you guys help out so much? It's really decent of you anyway. You know, you should make money on this. Promote the website a lot and then add a few advertisements. Make sure companies have to pay royalties to get a spot on the website. I don't mind advertisements and it would make your website more than just charity.

Edited by Arnagath, 25 January 2006 - 09:31 AM.


#9 Daisuke

Posted 25 January 2006 - 03:59 PM

Hi

I really don't have any army management tools on my computer.

:thumbsup: Of course you don't. This is a lop.com spyware folder and file. Please follow my instructions carefully if you want to get rid of it :flowers:.


Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Copy jt.exe from the c:\findlop folder to your Windows folder: C:\WINDOWS\.

Open Notepad, copy and paste the two lines below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

@echo off
jt /sd ABAEBC4D91B92F2D.job



Copy KillJobs.bat to your Windows folder (C:\WINDOWS\).
Double-click on "KillJobs.bat"
(if prompted, allow the file to run)


Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known file types and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode


Delete these folders, if present:

c:\Documents and Settings\axel\Application Data\[strange foldername] for example "downloadmp3window"
Should be 2 folders with strange names (random words)

C:\Documents and Settings\All Users\Application Data\[strange foldername]

c:\Program Files\Adverts\ <-- this folder

c:\Program Files\MessengerPlus! 3\ <-- this folder

c:\Program Files\Strange foldername\ <-- this folder


Delete these 5 icons from your desktop, if present:
"Cellphone Ringtones"
"Casino Online"
"Find a date"
"My Antivirus Update"
"Watch Live TV"

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT and post a new hijackthis log please.

Run this online scan:
Kaspersky Online Scanner: http://www.kaspersky.com/virusscanner
and post the log.

Run findlop.bat again and post the log please.

Edited by Daisuke, 25 January 2006 - 04:03 PM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
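
The findlop.txt dump earlier in the thread lists every scheduled task, and the lop.com entry only stands out once you know which fields to compare. The following Python parser is an added example, not part of the thread and not code from findlop or jt.exe: it reads that output layout and flags tasks using three heuristics (16-hex-character job name, Hidden = 1, executable under a user profile's Application Data) that are assumptions chosen to match the ABAEBC4D91B92F2D.job entry identified above; the sample text is constructed and abridged from the posted log.

```python
import re

# Constructed sample, abridged from the findlop.txt layout posted in this thread.
SAMPLE = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
Creator: 'Fredrik'
ScheduledWorkItem Flags:
Hidden = 0

1 Trigger

Trigger 0:
Type: AtLogon
Flags:
Disabled = 0

[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 2170 series#1074193447
.job'
[TRACE] Printing all job properties

ApplicationName: 'D:\HP All in one\Digital Imaging\Bin\hpqfrucl.exe'
Creator: 'Fredrik'
ScheduledWorkItem Flags:
Hidden = 0

[TRACE] Activating job 'ABAEBC4D91B92F2D.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\axel\applic~1\transi~1\Enc Army Manager.exe'
Creator: 'Axel'
ScheduledWorkItem Flags:
Hidden = 1
"""

JOB_START = re.compile(r"^\[TRACE\] Activating job '(.*)$")
PROPERTY = re.compile(r"^(\w+): (.*)$")      # e.g. Creator: 'Axel'
FLAG = re.compile(r"^(\w+) = (\d+)$")        # e.g. Hidden = 1
TRIGGERS = re.compile(r"^\d+ Triggers?$")    # start of the per-trigger section

# Heuristic patterns (assumptions of this example, not rules from the thread).
RANDOM_HEX_NAME = re.compile(r"^[0-9A-Fa-f]{16}\.job$")
PROFILE_APPDATA = re.compile(
    r"\\(documents and settings|docume~\d)\\[^\\]+\\(application data|applic~\d)\\",
    re.IGNORECASE,
)


def parse_jobs(text):
    """Split the dump into jobs with job-level properties and flags."""
    lines = [ln.strip() for ln in text.splitlines()]
    jobs, current, in_triggers = [], None, False
    i = 0
    while i < len(lines):
        line = lines[i]
        start = JOB_START.match(line)
        if start:
            name = start.group(1)
            # The console wraps long job names; join lines up to the closing quote.
            while not name.endswith("'") and i + 1 < len(lines):
                i += 1
                name += lines[i]
            if name.endswith("'"):
                name = name[:-1]
            current = {"name": name, "props": {}, "flags": {}}
            jobs.append(current)
            in_triggers = False
        elif current is not None and not in_triggers:
            prop, flag = PROPERTY.match(line), FLAG.match(line)
            if TRIGGERS.match(line):
                in_triggers = True   # trigger fields must not overwrite job fields
            elif prop:
                current["props"][prop.group(1)] = prop.group(2).strip("'")
            elif flag:
                current["flags"][flag.group(1)] = int(flag.group(2))
        i += 1
    return jobs


def triage(job):
    """Return the list of heuristic reasons a job looks out of place."""
    reasons = []
    if RANDOM_HEX_NAME.match(job["name"]):
        reasons.append("job name is 16 hex characters")
    if job["flags"].get("Hidden") == 1:
        reasons.append("task is flagged Hidden")
    if PROFILE_APPDATA.search(job["props"].get("ApplicationName", "")):
        reasons.append("executable runs from a user profile's Application Data")
    return reasons


def suspicious_jobs(text, min_reasons=2):
    """Jobs matching at least min_reasons heuristics, as (name, reasons) pairs."""
    hits = [(job["name"], triage(job)) for job in parse_jobs(text)]
    return [(name, why) for name, why in hits if len(why) >= min_reasons]


if __name__ == "__main__":
    for name, why in suspicious_jobs(SAMPLE):
        print(name, "->", "; ".join(why))
```

A flagged job is a lead for manual review rather than a verdict; legitimate software can also create hidden tasks.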


#10 Arnagath

Posted 26 January 2006 - 10:26 AM

Quite a few of those folders you listed were not there, such as the advert folder, though I did find the strange named ones. And even an exe file named Army management. And those I deleted.


find lop
[quote]

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/28/2004 18:47:13
NextRun: 01/26/2006 16:22:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0x65
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

2 Triggers

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/28/2004
EndDate: 00/00/0000
StartTime: 22:47
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: AtLogon
StartDate: 03/05/2003
EndDate: 00/00/0000
StartTime: 20:20
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 2170 series#1074193447
.job'
[TRACE] Printing all job properties

ApplicationName: 'D:\HP All in one\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 2170 series#1074193447"'
WorkingDirectory: ''
Comment: ''
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 01/26/2006 20:05:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/15/2004
EndDate: 00/00/0000
StartTime: 20:05
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NAVW32.exe'
Parameters: '/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Fredrik'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/18/2004 20:00:00
NextRun: 01/27/2006 20:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 04/28/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[/quote]


kaspersky stuff
[quote]

<html>
<head>
<title>KASPERSKY ON-LINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html'>
</head>

<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ON-LINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Thursday, January 26, 2006 16:10:50<br>
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)<br>
Kaspersky On-line Scanner version: 5.0.67.0<br>
Kaspersky Anti-Virus database last update: 26/01/2006<br>
Kaspersky Anti-Virus database records: 162704<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>standard</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>Critical Areas</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
C:\WINDOWS<br>
C:\DOCUME~1\Ebba\LOCALS~1\Temp\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>17235</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>3</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>4</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>1061 sec</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='300'><b>Virus Name</b></td>
</tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\unmbxqs.exe </td>
<td>Infected: Trojan.Win32.Poler.a </td>
</tr>
<tr><td colspan='2' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\polall1m.exe/ </td>
<td>Infected: Trojan-Downloader.Win32.Agent.ae </td>
</tr>
<tr><td colspan='2' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\polall1m.exe </td>
<td>Infected: Trojan-Downloader.Win32.Agent.ae </td>
</tr>
<tr><td colspan='2' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Downloaded Program Files\ISTactivex.dll </td>
<td>Infected: Trojan-Downloader.Win32.IstBar.gen </td>
</tr>
<tr><td colspan='2' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td colspan='2' height='20'><b>Scan process completed.</b></td>
</tr>
</table>
</body>
</html>

[/quote]


hijack this



Logfile of HijackThis v1.99.1
Scan saved at 4:24:28 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\unmbxqs.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Deamon Tools files\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\HP All in one\Digital Imaging\bin\hpotdd01.exe
D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\HP All in one\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\oellibtxprg.exe
D:\HP All in one\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ebba\Desktop\All spyware stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lucasarts.com/games/swempireatwar/indexFlash.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Deamon Tools files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [fzhqcv] C:\WINDOWS\system32\unmbxqs.exe r
O4 - HKCU\..\Run: [ZBroadband Router Utility] C:\Broadband Router\Gate-MON V3.00.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[/quote]

Edited by Daisuke, 26 January 2006 - 02:45 PM.


#11 Daisuke

Posted 26 January 2006 - 03:01 PM

1) Please print off these instructions - they will be needed later when internet access is not available.
This self-help guide will allow you to remove the Easy-Search.biz Hijacker
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

Click Here to download Killbox by Option^Explicit.
Extract the program to your desktop.

Please download Ad-Aware SE Personal from this page.

Now download the VX2 Cleaner from this page.

Run Ad-Aware SE Personal.
Click Add-Ons.
Double-click VX2 Cleaner.
Click Ok to Execute this tool.

If malware is found click Clean System.
When it's done click Start in Ad-Aware SE Personal.
Make sure Perform smart system scan is checked.
Click Next.
Let it clean anything it finds.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once the Ewido updates are installed and you are in safe mode do the following:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Run HijackThis!, press Scan, and put a checkmark next to all these:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [fzhqcv] C:\WINDOWS\system32\unmbxqs.exe r


Close all other windows and browsers, and press the Fix Checked button.


Double-click on Killbox.exe to start the program.
In the killbox program, select the Delete on Reboot option. Press the All files button.
Copy the lines below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\oellibtxprg.exe
C:\WINDOWS\system32\unmbxqs.exe
C:\WINDOWS\system32\polall1m.exe
C:\WINDOWS\system32\polall1m.exe
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.

Your computer will reboot.

Please post a new hijackthis log. There is no need to use the Quote tag.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

#12 Arnagath

Posted 27 January 2006 - 12:07 PM

Alright, the two things that I should have deleted in HijackThis were not there, so I guess that's no problem.

Logfile of HijackThis v1.99.1
Scan saved at 6:03:24 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\Deamon Tools files\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\HP All in one\Digital Imaging\bin\hpotdd01.exe
D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\HP All in one\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ebba\Desktop\All spyware stuff\HijackThis.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lucasarts.com/games/swempireatwar/indexFlash.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Deamon Tools files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [ZBroadband Router Utility] C:\Broadband Router\Gate-MON V3.00.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = D:\HP All in one\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Though one thing is good, and that is that all the ads and spyware have stopped. So I must say that I am very thankful for all the help.

Edited by Arnagath, 27 January 2006 - 12:08 PM.
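
Added example, not part of the thread or of HijackThis itself: a short Python script that parses two HijackThis logs and reports which registry and startup entries disappeared between scans, which is the check that confirms the flagged lines are really gone. The log excerpts are a few lines copied from the two logs in this thread; the function and variable names are illustrative.

```python
import re

# Section code ("R0", "F2", "O4", "O23", ...) followed by " - " and the detail text.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed excerpts: a few lines copied from the two logs quoted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\oellibtxprg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lucasarts.com/games/swempireatwar/indexFlash.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [fzhqcv] C:\WINDOWS\system32\unmbxqs.exe r
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/wi...FreeInstall.cab
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lucasarts.com/games/swempireatwar/indexFlash.html
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""
# The two lines the helper asked to tick before pressing "Fix Checked".
FIX_LIST = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O4 - HKLM\..\Run: [fzhqcv] C:\WINDOWS\system32\unmbxqs.exe r",
]

def parse_entries(log_text):
    """Return {(section, detail)}; headers and the process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # Windows paths are case-insensitive, so compare lower-cased
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def diff_logs(before, after):
    """Entries that disappeared and entries that newly appeared between scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def still_present(log_text, fix_list):
    """Lines from the fix list that the given log still contains."""
    present = parse_entries(log_text)
    return [l for l in fix_list if parse_entries(l) and parse_entries(l) <= present]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("gone:", section, detail)
    print("new entries:", added, "| fix-list lines left:", still_present(AFTER, FIX_LIST))
```

Besides the two fix-list lines, the diff also surfaces the `O16` download entry that is absent from the second log.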


#13 Daisuke

Posted 28 January 2006 - 08:05 AM

Your Sun Java version is vulnerable. !! First uninstall Sun Java from Add\Remove Programs. !!
Then install the latest version: http://www.java.com/en/download/manual.jsp

Log looks clean...great job ! :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

How did I get infected ? With steps so it does not happen again !

Glad I was able to help.

#14 Arnagath

Posted 28 January 2006 - 07:50 PM

Thanks Daisuke :thumbsup: you have been a great help.

One question though, right now I am using Firefox instead of Internet Explorer. Should I continue to do that?


Oh, and just one more question: do you read manga or watch anime? Just thought I should ask concerning your name and all.

Edited by Arnagath, 28 January 2006 - 07:50 PM.


#15 Daisuke

Posted 30 January 2006 - 04:18 PM

I am using firefox instead of Internet Explorer. Should I continue to do that?

Yes, Firefox is safer. But don't think you are 100% protected with Firefox. Nothing is 100% safe.

do you read manga or watch anime?

Yes, I do :thumbsup: