Need Some Serious Help


This topic is locked
15 replies to this topic

#1 Brian Bell (Members, 8 posts)

Posted 20 February 2006 - 12:19 AM

I followed the instructions in the thread below as best I could:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I cleaned out my temporary internet and temp files, ran Ad-Aware and Spybot, and ran McAfee Stinger. I was unable to run either my virus scan software or any of the free ones (for some reason I can't connect to any of those sites; I don't know if that's part of the problem or not). I'm a novice at this, and all I can tell you is that all of a sudden my Task Manager, Windows Firewall and anti-virus software, as well as my Windows Search feature, have all stopped working. Here is my HijackThis log; if you need me to include anything else, just let me know.

Logfile of HijackThis v1.99.1
Scan saved at 12:06:01 AM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.aol.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Files\Proxyway Pro 2.2 Crack\ProxyWay Pro 2.2 + Crack\Crack\proxyway.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777074937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777068343
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://www.worldwinner.com/games/v42/territory/territory.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46/tracman/tracman.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://mirror.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v63/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_301/w...OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45/wwspades/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

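A way to do by script what the helper does by eye on the O4 (Run-key autostart) lines of the log above. This is an added example by the editor, not code from the post or from HijackThis; the heuristics, the SYSTEM_BINARIES list and the edit-distance threshold are the editor's assumptions, and SAMPLE_LOG is an excerpt of the O4 lines from the first log.

```python
"""Flag suspicious O4 (Run-key autostart) entries in a HijackThis 1.99 log.

Added example by the editor, not code from the post or from HijackThis.
The heuristics and the SYSTEM_BINARIES list are assumptions chosen to
match what the helper spotted by eye; SAMPLE_LOG is an excerpt of the
O4 lines from the first log in the thread.
"""
import re
from collections import defaultdict

# Windows XP core binaries whose names malware likes to imitate (assumed, short list).
SYSTEM_BINARIES = {"winlogon.exe", "lsass.exe", "csrss.exe", "svchost.exe",
                   "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# "O4 - HKLM\..\Run: [name] command line"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def exe_path(cmd):
    """Strip quoting and arguments from an O4 command line, leaving the executable."""
    m = re.match(r'"?(?P<path>[^"]+?\.exe)"?', cmd, re.IGNORECASE)
    return m["path"] if m else cmd.strip()


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as winlog.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_o4(log_text):
    """Return (reason, log line) pairs for O4 Run entries worth a closer look."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RUN_RE.match(raw.strip())
        if m:
            entries.append((m["hive"], exe_path(m["cmd"]), raw.strip()))

    hives_by_path = defaultdict(set)          # which Run keys launch each file
    for hive, path, _ in entries:
        hives_by_path[path.lower()].add(hive)

    findings = []
    for _hive, path, line in entries:
        base = path.rsplit("\\", 1)[-1].lower()
        # A near-miss of a core system binary name (winlog.exe vs winlogon.exe).
        if base not in SYSTEM_BINARIES and any(edit_distance(base, s) <= 2 for s in SYSTEM_BINARIES):
            findings.append(("name imitates a system binary", line))
        # The same file in both HKLM and HKCU Run is redundant persistence;
        # installers register once, malware registers everywhere it can.
        if hives_by_path[path.lower()] == {"HKLM", "HKCU"}:
            findings.append(("same file in HKLM and HKCU Run", line))
        if re.search(r"crack|keygen|warez", path, re.IGNORECASE):
            findings.append(("launched from a crack/keygen folder", line))
        # A bare filename is resolved through the PATH search order at logon,
        # so a same-named file earlier in the path would be run instead.
        if "\\" not in path:
            findings.append(("bare filename, resolved via PATH search", line))
    return findings


# Excerpt of the O4 lines from the first log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Files\Proxyway Pro 2.2 Crack\ProxyWay Pro 2.2 + Crack\Crack\proxyway.exe
"""

if __name__ == "__main__":
    for reason, line in triage_o4(SAMPLE_LOG):
        print(f"{reason:42} {line}")
```

Run as-is it prints nine findings: winlog.exe twice for imitating winlogon.exe, winlog.exe and anti_troj.exe again for being registered under HKLM and HKCU at once, proxyway.exe for its crack folder, and ALCXMNTR.EXE and S3tray2.exe because they are written as bare names. That last heuristic is about how the entry is written, not about the vendor; hpsysdrv.exe, sgtray.exe and ps2.exe come through clean.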

#2 miekiemoes, Malware Killer Dog (Malware Response Team, 19,420 posts, Belgium)

Posted 20 February 2006 - 05:12 AM

Hello,

It looks like the malware present has already done a lot of damage, so we need to get rid of it first, before we restore your Windows Firewall, Task Manager and search function that it corrupted.

First of all, we need to restore your hosts file, because most probably this is the reason you can't connect to any security-related sites, and you'll need a removal tool from one of those sites as well.

So perform the following:

* Download: Hoster
Unzip Hoster to its own folder, e.g. C:\Hoster.
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

Then download the next removal tool:

http://securityresponse.symantec.com/avcenter/FxLodear.exe

Place it on your desktop.

Then disconnect from the internet!!

# Double-click the FxLodear.exe file to start the removal tool.
# Click Start to begin the process, and then allow the tool to run.
# Restart the computer.
# Run the removal tool again to ensure that the system is clean.

Reboot once again and post a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

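The reply above names the hosts file as the likely reason the security sites are unreachable. The script below, an added example by the editor rather than Hoster or anything from the post, shows what that hijack looks like in the file and what 'Restore Original Hosts' amounts to. SECURITY_DOMAINS is an assumed, deliberately short list, SAMPLE_HOSTS is a constructed file, and the function names are the editor's; on Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.

```python
"""Check a Windows hosts file for entries that sinkhole security or update sites.

Added example by the editor; it is not Hoster, nor anything from the post.
SECURITY_DOMAINS is an assumed, deliberately short list, and SAMPLE_HOSTS is
a constructed file that mimics the kind of hijack the reply describes.
"""
import ipaddress

# Domains a hosts-file hijacker typically points at loopback (assumed list).
SECURITY_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "mcafee.com", "kaspersky.com",
    "trendmicro.com", "pandasoftware.com", "sophos.com", "bleepingcomputer.com",
    "windowsupdate.com", "update.microsoft.com",
)

# Stock Windows XP hosts file content: one mapping for localhost and nothing else.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"


def parse_hosts(text):
    """Yield (ip, hostname, raw line) for every active mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # comments run to end of line
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # not "address hostname ...", skip
        for host in parts[1:]:
            yield ip, host.lower(), raw


def is_security_site(host):
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def find_hijacks(text):
    """Return (host, kind, raw line) for mappings that block or redirect
    security/update sites. No such entry is ever legitimate: loopback or
    0.0.0.0 blocks the site; any other address redirects it.
    """
    findings = []
    for ip, host, raw in parse_hosts(text):
        if host != "localhost" and is_security_site(host):
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else f"redirected to {ip}"
            findings.append((host, kind, raw))
    return findings


def clean_hosts(text, keep_unrelated=True):
    """Drop the hijack lines. With keep_unrelated=False also drop every other
    mapping except localhost, which is what 'Restore Original Hosts' amounts to.
    """
    bad = {raw for _, _, raw in find_hijacks(text)}
    kept = []
    for raw in text.splitlines():
        if raw in bad:
            continue
        hosts = [h for _, h, _ in parse_hosts(raw)]
        if not keep_unrelated and hosts and "localhost" not in hosts:
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n" if kept else DEFAULT_HOSTS


# Constructed sample: a hosts file after a hijacker has been at it.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       securityresponse.symantec.com
0.0.0.0         liveupdate.symantecliveupdate.com
198.51.100.23   www.bleepingcomputer.com
127.0.0.1       update.microsoft.com
127.0.0.1       intranet.example   # unrelated local entry, kept for contrast
"""

if __name__ == "__main__":
    for host, kind, _ in find_hijacks(SAMPLE_HOSTS):
        print(f"{host:40} {kind}")
    print(clean_hosts(SAMPLE_HOSTS, keep_unrelated=False), end="")
```

The distinction between "blocked" and "redirected to" matters for triage: a loopback entry only stops the vendor site loading, while a redirect to a real address means a download from that vendor could be served by someone else, which is why the helper asks for the hosts file to be restored before any removal tool is fetched.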
#3 Brian Bell, Topic Starter (Members, 8 posts)

Posted 20 February 2006 - 12:36 PM

OK, here is a brand new log after running Hoster and FxLodear:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:16 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\winlog.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.aol.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Files\Proxyway Pro 2.2 Crack\ProxyWay Pro 2.2 + Crack\Crack\proxyway.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777074937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777068343
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://www.worldwinner.com/games/v42/territory/territory.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46/tracman/tracman.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://mirror.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v63/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_301/w...OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45/wwspades/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#4 miekiemoes, Malware Killer Dog (Malware Response Team, 19,420 posts, Belgium)

Posted 20 February 2006 - 01:19 PM

It looks like the removal tool deleted one entry; however, I still see that winlog present there.

So let's deal with this in another way.

* Open HijackThis, click 'Config' (bottom right).
Choose the tab 'Misc Tools' at the top.
Choose 'Delete a file on reboot'.
In the field, copy and paste the following:

C:\WINDOWS\system32\winlog.exe

Click Open.
HijackThis will tell you that this file will be deleted on the next reboot and ask if you want to reboot now. Click Yes/OK.
Your system must reboot now.

I see you have PartyPoker, Bodog Poker and royalvegasMPP installed.
If you didn't install them with the intention of playing, I suggest you uninstall them, because in most cases these programs are supported by malware, get installed without asking and also lead you to sites where malware is lurking.
If you do play them, then leave them alone.

Also uninstall Rebate Nation if present.
Reboot afterwards.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Files\Proxyway Pro 2.2 Crack\ProxyWay Pro 2.2 + Crack\Crack\proxyway.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_301/w...OCX/FlashAX.cab


Check the next entries if you decided to uninstall the poker programs:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the next folders:

C:\Files\Proxyway Pro 2.2 Crack <== folder (This is the main reason why you got infected!)
C:\Program Files\Rebate_Nation <== folder

* Perform an online scan with Panda (please use this scanner instead of any other scanner!):
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new HijackThis log.

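The observation above, that FxLodear removed anti_troj but left winlog behind, is a diff of the two logs. The following is an added example by the editor, not part of the post and not a HijackThis feature, that computes that diff and then greps the second log for what survived. BEFORE and AFTER are excerpts of the first and second logs posted above, trimmed to the lines that differ plus a little context, and the function names are the editor's.

```python
"""Compare two HijackThis logs from the same machine and report what changed.

Added example by the editor; not from the post and not a HijackThis feature.
BEFORE and AFTER are excerpts of the first and second logs in the thread,
trimmed to the lines that differ plus a little context.
"""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - ")   # R0/R1, F0..F3, O1..O23 entry lines


def split_log(text):
    """Return (process Counter, entry set) from HijackThis log text.

    Process paths are counted rather than collected because a path listed
    twice (winlog.exe in the first log) is two running instances; they are
    lowercased because HijackThis mixes 'System32' and 'system32'.
    """
    processes, entries = Counter(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.add(line)
        elif in_processes:
            processes[line.lower()] += 1
    return processes, entries


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two logs."""
    p0, e0 = split_log(before)
    p1, e1 = split_log(after)
    return {
        "entries_removed": sorted(e0 - e1),
        "entries_added": sorted(e1 - e0),
        "processes_removed": sorted((p0 - p1).elements()),   # one per lost instance
        "processes_added": sorted((p1 - p0).elements()),
    }


def grep_log(text, needle):
    """Every distinct process path or entry in a log that mentions needle."""
    processes, entries = split_log(text)
    return sorted(x for x in [*processes, *entries] if needle.lower() in x.lower())


BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:06:01 AM, on 2/20/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\anti_troj.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:31:16 PM, on 2/20/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\winlog.exe

O4 - HKLM\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O4 - HKCU\..\Run: [key2] C:\WINDOWS\system32\winlog.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
"""

if __name__ == "__main__":
    for key, lines in diff_logs(BEFORE, AFTER).items():
        print(key, *lines, sep="\n  ")
    print("still present:", *grep_log(AFTER, "winlog.exe"), sep="\n  ")
```

Counting process instances rather than just listing paths is what makes the diff honest: both logs list winlog.exe twice, so nothing about it changed, while both anti_troj.exe instances and the ZoneLabs vsmon.exe process are gone from the second log along with the two anti_troj Run entries. The msCMTSrvc service with its missing file is identical in both and therefore not reported, which is exactly the kind of leftover a plain diff will never surface and a grep for "file missing" would.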
#5 Brian Bell, Topic Starter (Members, 8 posts)

Posted 20 February 2006 - 05:28 PM

Panda report:


Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Default User\Application Data\eber.exe
Virus:Trj/Downloader.TC Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\Cache(4)\DA2E834Bd01
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[46877078]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[46877078]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[17253030]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[78945788]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Default User\Cookies\owner@0[5].txt
Spyware:Cookie/n-CASE Not disinfected C:\Documents and Settings\Default User\Cookies\owner@180solutions[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Default User\Cookies\owner@276[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Default User\Cookies\owner@2o7[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Default User\Cookies\owner@2o7[2].txt
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Default User\Cookies\owner@307[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Default User\Cookies\owner@a.as-us.falkag[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Default User\Cookies\owner@abetterinternet[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ads.pointroll[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Uproar Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ads.uproar[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Default User\Cookies\owner@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Default User\Cookies\owner@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Default User\Cookies\owner@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Default User\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default User\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default User\Cookies\owner@atdmt[3].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bfast[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bluestreak[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bluestreak[3].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bravenet[2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Default User\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Default User\Cookies\owner@c.enhance[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Default User\Cookies\owner@c.fsx[1].txt
Spyware:Cookie/C.porngraph Not disinfected C:\Documents and Settings\Default User\Cookies\owner@c.porngraph[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Default User\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Default User\Cookies\owner@centrport[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Default User\Cookies\owner@centrport[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Default User\Cookies\owner@cgi-bin[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Default User\Cookies\owner@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Default User\Cookies\owner@com[3].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Default User\Cookies\owner@counter3.sextracker[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Default User\Cookies\owner@ct.360i[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Default User\Cookies\owner@desktop.kazaa[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default User\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Default User\Cookies\owner@doubleclick[3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Default User\Cookies\owner@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Default User\Cookies\owner@findwhat[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Default User\Cookies\owner@fortunecity[2].txt
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Default User\Cookies\owner@gator[1].txt
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Default User\Cookies\owner@gator[3].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Default User\Cookies\owner@go[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Default User\Cookies\owner@go[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default User\Cookies\owner@hg1.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default User\Cookies\owner@hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default User\Cookies\owner@hitbox[3].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Default User\Cookies\owner@maxserving[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Default User\Cookies\owner@maxserving[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Default User\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Default User\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Default User\Cookies\owner@mysearch[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Default User\Cookies\owner@overture[2].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Default User\Cookies\owner@pacificpoker[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Default User\Cookies\owner@paycounter[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Default User\Cookies\owner@phg.hitbox[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Default User\Cookies\owner@qksrv[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Default User\Cookies\owner@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Default User\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Default User\Cookies\owner@questionmarket[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Default User\Cookies\owner@realmedia[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Default User\Cookies\owner@realmedia[3].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Default User\Cookies\owner@revenue[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Default User\Cookies\owner@revenue[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Default User\Cookies\owner@rightmedia[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Default User\Cookies\owner@rightmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Default User\Cookies\owner@servedby.advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Default User\Cookies\owner@servedby.advertising[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Cookies\owner@server.iad.liveperson[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Default User\Cookies\owner@server.iad.liveperson[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Default User\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Default User\Cookies\owner@sextracker[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Default User\Cookies\owner@targetnet[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Default User\Cookies\owner@targetnet[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Default User\Cookies\owner@tickle[1].txt
Spyware:Cookie/SaveNow Not disinfected C:\Documents and Settings\Default User\Cookies\owner@tracking.thunderdownloads[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Default User\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Default User\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Default User\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Default User\Cookies\owner@valueclick[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Default User\Cookies\owner@valueclick[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Default User\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\Documents and Settings\Default User\Cookies\owner@www.goldenpalace[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Default User\Cookies\owner@www.xzoomy[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Default User\Cookies\owner@www.xzoomy[2].txt
Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\Default User\Cookies\owner@xxxtoolbar[1].txt
Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\Default User\Cookies\owner@xxxtoolbar[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Default User\Cookies\owner@z1.adserver[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Default User\Cookies\owner@z1.adserver[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Default User\Cookies\owner@zedo[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\Cookies\owner@atdmt[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\Cookies\owner@bravenet[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\Cookies\owner@maxserving[1].txt
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\WinWildApp.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\4lz6goow.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\4lz6goow.default\cookies.txt[46877078]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\eber.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6m5x3zxp.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6m5x3zxp.default\cookies.txt[46877078]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6m5x3zxp.default\cookies.txt[]
Virus:Trj/Downloader.TC Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\Cache(4)\DA2E834Bd01
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[17253030]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[46877078]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[78945788]
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@307[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.fsx[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ccbill[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[3].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ct.360i[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Owner\Cookies\owner@desktop.kazaa[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[3].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[4].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner\Cookies\owner@landing.domainsponsor[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mysearch[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rightmedia[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rightmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.xzoomy[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.xzoomy[2].txt
Virus:W32/Bagle.HD.worm Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\_ex13B.tmp.exe
Virus:W32/Bagle.HD.worm Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\_ex15D.tmp.exe
Virus:W32/Bagle.HD.worm Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~13C.exe
Virus:Trj/Mitglieder.HW Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~13D.exe
Virus:W32/Bagle.HD.worm Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~15E.exe
Virus:Trj/Mitglieder.HW Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\~15F.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Trj/Downloader.HNC Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.exe
Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf

Edited by Brian Bell, 20 February 2006 - 05:30 PM.


#6 Brian Bell

Posted 20 February 2006 - 05:33 PM

Rest of Panda Report:

Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi.inf
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_40.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_48.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_22.exe
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Virus:Trj/Mitglieder.HW Not disinfected C:\WINDOWS\system32\anti_troj.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
Virus:Trj/Downloader.TC Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\Cache(4)\DA2E834Bd01
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[46877078]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[46877078]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[17253030]
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[78945788]
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p30it6yr.slt\cookies.txt[]
Spyware:Cookie/Sandboxer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@0[5].txt
Spyware:Cookie/n-CASE Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@180solutions[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@276[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@2o7[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@2o7[2].txt
Spyware:Cookie/Sandboxer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@307[1].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a.as-us.falkag[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@abetterinternet[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.pointroll[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Uproar Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.uproar[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@as-us.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@atdmt[3].txt
Spyware:Cookie/Bfast Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bfast[1].txt
Spyware:Cookie/Bfast Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bluestreak[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bluestreak[3].txt
Spyware:Cookie/bravenetA Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bravenet[2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/Enhance Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@c.enhance[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@c.fsx[1].txt
Spyware:Cookie/C.porngraph Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@c.porngraph[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@centrport[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@centrport[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi-bin[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@com[3].txt
Spyware:Cookie/Sextracker Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@counter3.sextracker[1].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ct.360i[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@desktop.kazaa[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[3].txt
Spyware:Cookie/FastClick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@findwhat[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@fortunecity[2].txt
Spyware:Cookie/Gator Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[1].txt
Spyware:Cookie/Gator Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@gator[3].txt
Spyware:Cookie/go Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@go[1].txt
Spyware:Cookie/go Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@go[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hg1.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hitbox[3].txt
Spyware:Cookie/Maxserving Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@maxserving[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@maxserving[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mysearch[2].txt
Spyware:Cookie/Overture Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@overture[2].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@pacificpoker[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@paycounter[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@phg.hitbox[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@qksrv[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@questionmarket[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[3].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@revenue[1].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@revenue[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@rightmedia[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@rightmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@servedby.advertising[2].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@servedby.advertising[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.iad.liveperson[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.iad.liveperson[3].txt
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@sextracker[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@targetnet[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@targetnet[2].txt
Spyware:Cookie/Tickle Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tickle[1].txt
Spyware:Cookie/SaveNow Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tracking.thunderdownloads[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@valueclick[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@valueclick[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.goldenpalace[1].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.xzoomy[1].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.xzoomy[2].txt
Spyware:Cookie/XXXtoolbar Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@xxxtoolbar[1].txt
Spyware:Cookie/XXXtoolbar Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@xxxtoolbar[2].txt
Spyware:Cookie/Adserver Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@z1.adserver[1].txt
Spyware:Cookie/Adserver Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@z1.adserver[2].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@zedo[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Cookies\owner@atdmt[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Cookies\owner@bravenet[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Cookies\owner@maxserving[1].txt
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\WinWildApp.exe
Adware:Adware/BHO Not disinfected C:\WINDOWS\system32\hosts.2
Adware:adware/ilookup Not disinfected C:\WINDOWS\system32\hotbod123121.ico
Virus:Trj/Multidropper.AGW Not disinfected C:\WINDOWS\system32\in5b4s.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\l?ass.exe
Adware:adware/toprebates Not disinfected C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe
Virus:W32/Bagle.HD.worm Not disinfected C:\WINDOWS\system32\winlog.dll
Spyware:spyware/commonname Not disinfected C:\WINDOWS\system32\winnet.ini
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\adm4.dll
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admdata.dll
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admdloader.dll
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admfdi.dll
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\admprog.dll
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[AltnetUninstall.exe]
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[asmend.exe]
Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\Temp\Altnet\mysearch.cab
Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\Temp\Altnet\mysearch.cab[mySetp.exe]
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab
Spyware:Spyware/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\pmexe.cab[Points Manager.exe]


New HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:56:41 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.aol.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102118778\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777074937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127777068343
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://www.worldwinner.com/games/v42/territory/territory.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90B7E2B3-2E56-4571-9E54-823E33C4B4B4} (TracMan Control) - http://www.worldwinner.com/games/v46/tracman/tracman.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://mirror.worldwinner.com/games/v48/haunted/haunted.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v63/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman

#7 Brian Bell
  • Topic Starter
  • Members
  • 8 posts

Posted 20 February 2006 - 05:34 PM

Rest of HiJackThis log:

O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v42/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v45/wwspades/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#8 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 February 2006 - 05:35 PM

Edit.. I see you already posted your hijackthislog. :thumbsup:

Edited by miekiemoes, 20 February 2006 - 05:36 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 February 2006 - 05:43 PM

Hello,

Delete next files:

C:\WINDOWS\system32\hosts.2 <== don't delete hosts!!!!
C:\WINDOWS\system32\hotbod123121.ico
C:\WINDOWS\system32\in5b4s.dll
C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe
C:\WINDOWS\system32\winlog.dll
C:\WINDOWS\inf\bi.inf
C:\WINDOWS\kwv2.dat
C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\NDNuninstall5_40.exe
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\anti_troj.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.exe
C:\Program Files\Common Files\SearchUpgrader <== folder

Some files will be hidden, so perform next:
Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, because the above instructions to show all files also unhide legitimate files and folders, and I don't want you to delete those because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now delete next files:

C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\WinadX.inf

Go to start > run and type regsvr32 occache.dll
Click OK

Download and scan with CCleaner
During the install of CCleaner, uncheck the option to install the Yahoo toolbar!
1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.


In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

3. Click the "Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "exit" when done.

Then Open notepad, copy and paste next content (bold) in it:

dir C:\WINDOWS\System32\l?ass.exe /a h > look.txt
start notepad look.txt


Save this as look.bat, choose to save as *all files, and save it to your desktop.
This is how the batch must look after you created it: [image]
Double-click on it and Notepad will open with some text in it.
Copy and paste this in your next reply.

Also let me know if your Task Manager, Windows Search and Windows Firewall are still disabled.

Edited by miekiemoes, 20 February 2006 - 05:44 PM.


#10 Brian Bell
  • Topic Starter
  • Members
  • 8 posts

Posted 20 February 2006 - 06:28 PM

Windows Firewall and Task Manager ARE working. Windows Search is still not working; I'm getting the following error:

A File that is required to run Search Companion cannot be found. You may need to run setup.

Here is the text that was in the look.bat file:

Volume in drive C is PRESARIO
Volume Serial Number is A0DA-5CBE

Directory of C:\WINDOWS\System32

08/04/2004 07:00 AM 13,312 lsass.exe
09/08/2004 12:36 PM 372,736 l?ass.exe
2 File(s) 386,048 bytes

Directory of C:\Documents and Settings\Owner\Desktop

Edited by Brian Bell, 20 February 2006 - 06:28 PM.


#11 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 February 2006 - 06:37 PM

Ok, let's deal with that l?ass now..

There are two lsass.exe's present in your system32 folder: a bogus one and a good/legit one. The bogus one doesn't exactly look like lsass.exe though...
so you have to delete the bogus one, of course. No need to do this in safe mode.
I am going to explain how to know which one is the good one and which is the bad one.

First of all, Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Ok, let's try next. As you see, the legit, good one is lsass.exe, which is dated 08/04/2004 and around 13kb.
If you right-click on the good lsass.exe and choose Properties, you'll see under Version: LSA Shell (Export Version), with Microsoft as the company. Don't delete that one!!

The bad/bogus one you need to find is dated 09/08/2004 and around 372kb (so a big difference in filesize between the good and bogus one)
Open your system32-folder
On top in the menu, click on the 'views'-icon
Choose details
Click on the date modified-tab
This will sort the files in your system32-folder on date.
Now search for all the files dated 09/08/2004 and the size is around 372kb,
it starts with an l (L) and ends on ass (l*ass.exe)
That one you need to delete.
Again, please make sure you don't delete the good lsass.exe! (you won't be able to delete it anyway)
If in doubt, tell me.

Let me know in your next reply if you could find and delete it.
Don't delete any other files either; you only have to delete that bogus l*ass.exe (* stands for a random letter/odd character; that's why Windows displays a question mark in logs, because it can't read that character, but most probably it will look like an s).

Concerning your Windows Search, try next:

Go to start > run and copy and paste next command in the field:

regsvr32 %systemroot%\srchasst\srchui.dll

Click OK.

Let me know in case you get an error here.

Reboot and try search again.
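The manual triage above (one genuine lsass.exe, one impostor whose name differs by a single odd character and whose size is wildly different) can be scripted. The following is an added example, not code from the thread or from the helper: it folds a small constructed set of lookalike characters, applies the one-character-off rule behind the l?ass.exe pattern, and flags non-ASCII names, run here over a constructed listing that mirrors the posted dir output. The scan_dir helper is an assumed addition for running the same triage against a real folder.

```python
import os
import unicodedata
from dataclasses import dataclass

# Added example, not from the thread: triage a directory listing for files
# that impersonate lsass.exe (the "l?ass.exe" the helper asked the poster to find).
LEGIT = "lsass.exe"

# Constructed, deliberately small homoglyph table; real confusable sets are far larger.
CONFUSABLES = {
    "\u0455": "s",  # Cyrillic dze, renders like Latin s
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "i": "l", "1": "l", "|": "l",  # common substitutes for lower-case L
}


def fold(name: str) -> str:
    """Lower-case, NFKC-normalise and replace known lookalike characters."""
    lowered = unicodedata.normalize("NFKC", name).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in lowered)


def hamming(a: str, b: str):
    """Number of differing positions for equal-length strings, else None."""
    if len(a) != len(b):
        return None
    return sum(x != y for x, y in zip(a, b))


@dataclass
class Entry:
    name: str
    size: int    # bytes
    mtime: str   # date modified, as a dir listing shows it


def suspicion(e: Entry, target: str = LEGIT) -> list:
    """Reasons an entry looks like an impersonation of target (empty if none)."""
    low = e.name.lower()
    if low == target:
        return []  # the real file name (NTFS names are case-insensitive)
    why = []
    if fold(e.name) == target:
        why.append("folds to %s after homoglyph replacement" % target)
    if hamming(low, target) == 1:
        why.append("one character off from %s (matches l?ass.exe)" % target)
    if any(ord(ch) > 0x7E for ch in e.name):
        why.append("non-ASCII character in file name")
    return why


def triage(entries: list) -> dict:
    """Split entries into the genuine target and suspects paired with their reasons."""
    legit = [e for e in entries if e.name.lower() == LEGIT]
    suspects = [(e, suspicion(e)) for e in entries if suspicion(e)]
    return {"legit": legit, "suspects": suspects}


def scan_dir(path: str) -> list:
    """Assumed helper: build Entry objects from a real folder such as System32."""
    with os.scandir(path) as it:
        return [Entry(d.name, d.stat(follow_symlinks=False).st_size,
                      str(d.stat(follow_symlinks=False).st_mtime))
                for d in it if d.is_file(follow_symlinks=False)]


# Constructed listing mirroring the thread's dir output (sizes as posted).
SAMPLE = [
    Entry("lsass.exe", 13312, "08/04/2004"),
    Entry("l\u0455ass.exe", 372736, "09/08/2004"),  # Cyrillic dze in place of s
    Entry("1sass.exe", 372736, "09/08/2004"),       # digit one in place of l
    Entry("lsasrv.dll", 13000, "08/04/2004"),       # legitimate neighbour, not flagged
]
```

On a live system, `triage(scan_dir(r"C:\Windows\System32"))` reproduces the helper's sort-and-compare step; the size and date of each suspect are still worth eyeballing against the genuine file, as the thread does.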

#12 Brian Bell
  • Topic Starter
  • Members
  • 8 posts

Posted 20 February 2006 - 08:30 PM

Was able to delete the bogus lsass file, but my Search Companion is still not working; still getting the same error message.

#13 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 21 February 2006 - 01:12 AM

Ok, let's try something different...

Go to next file:

C:\Windows\Inf\Srchasst.inf

Right-click on it and choose Install.

Hope this works.
If this doesn't, then read here what else you can do:
http://www.kellys-korner-xp.com/xp_search.htm

#14 Brian Bell
  • Topic Starter
  • Members
  • 8 posts

Posted 21 February 2006 - 10:07 AM

Everything is working as it should now. Thanks so much for your help. You saved me a ton of time and money as the place I bought my computer from is nearly an hour's drive away. I sent you a little something via PayPal. It isn't much, but given my financial situation it's about the best I can do. Thanks again.

#15 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 21 February 2006 - 10:12 AM

Hi Brian,

Thanks for the donation, it is really appreciated... and glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while (Housecall and/or Bitdefender), because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system, is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Happy surfing again! :flowers: