Winfixer Back?


9 replies to this topic

#1 jerichosmvp


Posted 10 March 2006 - 01:59 PM

Alrighty, so back in December I had the Winfixer problem. Thanks to you guys, I got rid of the problem. It seems to be back now.

After one of my siblings finished up this morning, I suspect they may have come in contact with this again as popups are popping up occasionally advertising Winfixer and other things. I tried running Ad-Aware, but after it starts, it makes the computer restart itself.

Here's the HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131402474578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\SYSTEM32\ssqrr.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thanks in advance for any advice/help you can offer :thumbsup:



#2 Cloutz


Posted 10 March 2006 - 04:13 PM

Hello jerichosmvp,

Welcome to BleepingComputer!

My name is Nick and I will be checking over your log.

Let's get started.

You will want to print or save these instructions.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files. Click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer. Click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Thanks,
Nick
BleepingComputer
Did I help? Please consider a small donation via paypal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz 2006

#3 jerichosmvp


Posted 10 March 2006 - 04:53 PM

Hi Nick,

Here's the VundoFix log, followed by the HJT log:


VundoFix V4.2.30
Scan started at 2:48:26 PM 3/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.bak1

C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\mlnmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.ini2 Has been deleted!

Performing Repairs to the registry.
Done!






Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131402474578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
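
The before/after comparison a helper does by eye on these logs, as an added example that is not part of any post in this thread and is not code from HijackThis or VundoFix. It runs over a subset of lines copied from the two HijackThis logs and the VundoFix log above (labelled as constructed sample input); all function names are hypothetical.

```python
import re

# Constructed sample input: a subset of lines copied from the logs in this thread.
HJT_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\SYSTEM32\ssqrr.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
HJT_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Has been deleted!
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O20 - Winlogon Notify: ..."
DLL = re.compile(r'([^\\/\s"]+\.dll)\b', re.IGNORECASE)   # file name of a referenced DLL
RESULT = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)$")


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dll_name(body):
    """Lower-cased file name of the last .dll named in an entry, or None."""
    hits = DLL.findall(body)
    return hits[-1].lower() if hits else None


def dlls_in(entries, section):
    """Set of DLL file names referenced by entries of one section."""
    return {dll_name(b) for s, b in entries if s == section and dll_name(b)}


def bho_and_winlogon(entries):
    """DLLs registered both as a BHO (O2) and a Winlogon Notify package (O20)."""
    return sorted(dlls_in(entries, "O2") & dlls_in(entries, "O20"))


def removed_between(before, after):
    """Entries present in the first scan and absent from the second, in log order."""
    gone = set(before) - set(after)
    return [e for e in before if e in gone]


def vundofix_results(text):
    """Map lower-cased file name -> True if the log reports it deleted, else False."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            results[name] = m.group(2).startswith("Has")
    return results


def residual_files(vundofix_text, after_entries):
    """Files the tool could not delete, mapped to whether the second
    scan still shows an entry that references them."""
    referenced = {dll_name(b) for _, b in after_entries}
    return {name: name in referenced
            for name, deleted in vundofix_results(vundofix_text).items()
            if not deleted}


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    print("BHO + Winlogon Notify (first scan):", bho_and_winlogon(before))
    for section, body in removed_between(before, after):
        print("removed:", section, "-", body)
    print("not deleted / still referenced:", residual_files(VUNDOFIX, after))
```

A file reported as "Could not be deleted" with no remaining O2 or O20 reference means the registration is gone from the second scan while the file itself may still be on disk.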

#4 Cloutz


Posted 10 March 2006 - 11:13 PM

Hi,

You seem to have forgotten to include the header of the HijackThis log.
It looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 9:18:34 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Can you post me a fresh HijackThis log with the top included?

Thanks,

Nick :thumbsup:

#5 jerichosmvp


Posted 11 March 2006 - 12:03 AM

Sorry about that, was in a rush. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:52:39 PM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

#6 Cloutz


Posted 11 March 2006 - 12:08 AM

Hi,

Run a scan with HijackThis. Place a check next to the following entries:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
Close any open browsers and click "Fix Checked".

Go ahead and delete this folder:
C:\Program Files\PartyPoker

How's your pc doing?

If everything is well, I'll post my prevention speech :thumbsup:

I almost forgot,

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Thanks again.
Nick

Edited by Cloutz, 11 March 2006 - 12:09 AM.


#7 jerichosmvp


Posted 11 March 2006 - 02:31 AM

Here's the active scan log:


Incident Status Location

Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@247realmedia[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@adopt.hbmediapro[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Danielle\Cookies\danielle@atdmt[2].txt

#8 Cloutz

Posted 11 March 2006 - 10:00 AM

Hi again,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Everything looks great, your HijackThis log appears to be CLEAN!!!

Here is a list of tools I like to suggest to users to prevent future infections.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Firefox - Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.
Got infected by malware and want to let others know how you feel?
Register Your Complaint About Malware That Has Infected You Here. Let others know how you feel about malware.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

Thanks,
Nick
BleepingComputer
Did I help? Please consider a small donation via PayPal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz 2006

#9 jerichosmvp

Posted 11 March 2006 - 12:17 PM

Thank you tons and tons and tons Nick!

I'll be sure to get those programs you suggest, and also teach my clueless siblings about them as well.

Again, thanks a lot, I really appreciate it!

#10 Cloutz

Posted 11 March 2006 - 05:42 PM

Glad I can help :thumbsup: