Help Removing Sufsidekick/other Spyware


39 replies to this topic

#31 keksmattson

keksmattson
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Metro Detroit Area, Michigan, USA
  • Local time:09:20 AM

Posted 24 February 2006 - 05:31 PM

What do I exactly need to do with the pandascan thing?
I think you are right I think newdotnet is still on my computer.

#32 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 PM

Posted 24 February 2006 - 06:07 PM

What do I exactly need to do with the pandascan thing?

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
--------------

If that scan still doesn't work, please try this one:

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

#33 keksmattson

Posted 26 February 2006 - 05:43 PM

Here's the results of the scan (doesn't seem too good):
Also if it's too hard to read broken up I can email it to you as an attachment. Thanks.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 26, 2006 5:41:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 26/02/2006
Kaspersky Anti-Virus database records: 178818
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 97691
Number of viruses found: 46
Number of infected objects: 207
Number of suspicious objects: 1
Duration of the scan process: 01:29:48


Scan process completed.

#34 didom

Posted 26 February 2006 - 06:05 PM

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "FI20ENU.DLL"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\system32\FI20ENU.DLL
  • Click Open.
  • Click Post.
Thank you!

------------------------------
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please open Norton AntiVirus and empty its Quarantine!

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check "Turn off System Restore".
    • Click Apply, and then click OK.
  • Reboot your computer.

  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check "Turn off System Restore".
    • Click Apply, and then click OK.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Find and delete these files and folders (if they are still there):
C:\WINDOWS\system32\pre2.exe <= this file
C:\release.exe <= this file
C:\Documents and Settings\Owner\Desktop\Spyware\uninstall6_90.exe <= this file
C:\Documents and Settings\Owner\Desktop\Spyware\uninstall6_902.exe <= this file

C:\Documents and Settings\Owner\Local Settings\Temp\A5F3FA.tmp <= this file



Reboot your computer normally.

Run another scan with Kaspersky and post the log along with a fresh HJT log.

#35 keksmattson

Posted 26 February 2006 - 11:02 PM

Here is the new scan report... I noticed some of the items are from Microsoft's antispyware program, and if I need to delete these items like I did from Norton AntiVirus, I'm not sure how to do so. Thanks

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 26, 2006 11:00:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 27/02/2006
Kaspersky Anti-Virus database records: 178867
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 83862
Number of viruses found: 5
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:11:27

Infected Object Name / Virus Name / Last Action
C:\Program Files\Microsoft AntiSpyware\Quarantine\0EDBCF75-C28F-41B4-94F5-CE7730\501E9C42-C2AD-4373-9C5B-D95F9B Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\0EDBCF75-C28F-41B4-94F5-CE7730\93C48952-2539-40D0-916B-A16866 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\0EDBCF75-C28F-41B4-94F5-CE7730\AC05CB8D-06A8-48A3-A748-D0A2ED Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\18439372-0EA3-440A-B257-E1132D\075960B5-8C5B-43F5-87AF-ABAD76 Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\2EA8AE30-66D3-4C56-9DCB-D362FF\0FD49D4B-E3D6-42E8-BC44-8A20BF Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\2EA8AE30-66D3-4C56-9DCB-D362FF\33719524-3F67-4D15-858F-5B4233 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\A03EFBE8-D68D-4914-BAB8-279084\B6C4D58F-0219-4670-AC56-FD2630 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\A03EFBE8-D68D-4914-BAB8-279084\F548BE89-8729-4BEF-B1E1-300763 Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000128.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000129.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000130.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000131.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\system32\FI20ENU.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

Scan process completed.

#36 didom

Posted 27 February 2006 - 02:40 AM

Download Killbox to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the field labeled "Full Path of File to Delete" copy and paste the following:

C:\WINDOWS\system32\FI20ENU.DLL

Click the button: Single File (!important!)

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that the listed file will be removed on next reboot and ask if you would like to Reboot now; click YES.

Your computer must reboot now.

Please open Microsoft AntiSpyware and empty its Quarantine as well!

Then reboot your computer.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check "Turn off System Restore".
    • Click Apply, and then click OK.
  • Reboot your computer.

  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check "Turn off System Restore".
    • Click Apply, and then click OK.
Reboot again!

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#37 keksmattson

Posted 27 February 2006 - 01:07 PM

Here are the new logs:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, February 27, 2006 1:04:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 27/02/2006
Kaspersky Anti-Virus database records: 179047
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 83848
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:04:04

Infected Object Name / Virus Name / Last Action
C:\!KillBox\FI20ENU.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

Scan process completed.

----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:05:43 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\PurgeIE\PurgeIE_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#38 didom

Posted 27 February 2006 - 01:09 PM

Please delete this folder:

C:\!KillBox

And tell me how your computer is running!
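
Across the replies above, each Kaspersky detection is handled according to where the file sits: an anti-spyware quarantine folder, a System Restore point, the Killbox backup folder, or a live system path. The Python sketch below is an added example, not part of any post in this thread; it sorts report lines into those four groups, using lines copied from the two reports posted here as sample input. The bucket names and the generic `\Quarantine\` path test are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the two Kaspersky reports posted in this thread (a subset).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Program Files\Microsoft AntiSpyware\Quarantine\18439372-0EA3-440A-B257-E1132D\075960B5-8C5B-43F5-87AF-ABAD76 Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000128.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{60E9B3CE-ECA7-4B34-AF90-4202F8D2CBFA}\RP1\A0000130.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\system32\FI20ENU.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\!KillBox\FI20ENU.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
Scan process completed.
"""

# "<path> Infected: <verdict> <last action>"; the path may contain spaces.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<action>\S+)$")

# (bucket, lower-cased path marker, follow-up used in the thread), in match order.
# Bucket names and the generic quarantine marker are assumptions of this example.
RULES = [
    ("system_restore", "\\system volume information\\_restore{",
     "turn System Restore off, reboot, turn it back on"),
    ("av_quarantine", "\\quarantine\\",
     "empty the anti-spyware product's quarantine"),
    ("killbox_backup", "\\!killbox\\",
     "delete the C:\\!KillBox folder"),
]
LIVE = ("live_file", "remove the file (the thread used Killbox, delete on reboot)")


def classify(path):
    """Return (bucket, follow_up) for one detected path."""
    lowered = path.lower()
    for bucket, marker, follow_up in RULES:
        if marker in lowered:
            return bucket, follow_up
    return LIVE


def triage(report_text):
    """Group every detection line of a report by the bucket its path falls in."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:  # header and footer lines do not match and are skipped
            bucket, _ = classify(match["path"])
            buckets[bucket].append((match["path"], match["verdict"]))
    return dict(buckets)


if __name__ == "__main__":
    follow_ups = {bucket: text for bucket, _, text in RULES}
    follow_ups[LIVE[0]] = LIVE[1]
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} detection(s) -> {follow_ups[bucket]}")
        for path, verdict in hits:
            print(f"    {verdict}  {path}")
```

Only the `live_file` group is a file Windows can still load from its normal location; the other three are inert copies that keep a scanner reporting detections until they are cleared.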

#39 keksmattson

Posted 27 February 2006 - 02:04 PM

Seems to be running good... If anything changes or I come across anything else I'll let you know.
Thanks a lot.

keksmattson

#40 didom

Posted 27 February 2006 - 02:09 PM

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways; such programs are not only usually useless, but also often have malware in them.

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

    Please post back if you are still having any problems....
