Need Help Major Problem Can't Remove Virus, Please Please Help Me


  • This topic is locked
16 replies to this topic

#1 skepticlial

skepticlial

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 13 May 2006 - 11:46 AM

I've used so many programs and none have helped

Here is my HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 12:42:43 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\WW9zZWY\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Common Files\AOL\1133833671\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\winlog.exe
C:\defender19a.exe
C:\windows\system32\pkdsregr.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\win3208221785294.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\win3207422178529.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\NetMeeting\nmasnt.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nwinlqaf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\NEWACC~1.COM\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133833671\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard19.exe
O4 - HKLM\..\Run: [defender] C:\\defender19a.exe
O4 - HKLM\..\Run: [newname] C:\\newname19.exe
O4 - HKLM\..\Run: [{C2-2C-C0-0E-ZN}] C:\windows\system32\pkdsregr.exe CORN004
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3208221785294] C:\WINDOWS\win3208221785294.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [w08b1c0f.dll] RUNDLL32.EXE w08b1c0f.dll,I2 000d043c008b1c0f
O4 - HKLM\..\Run: [win3207422178529] C:\WINDOWS\win3207422178529.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlqaf.exe CORN004
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinlqaf.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FastDownloads - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Yosef\Application Data\FastDownloads[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\enn8l15u1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9zZWY\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 skepticlial

Posted 13 May 2006 - 08:19 PM

WHY WON'T ANYONE HELP ME!!!!!!!!!!

PLEASE SOMEONE HELP ME

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:54 PM

Posted 14 May 2006 - 04:12 AM

Hi,

This is a really nasty log...
I also see you have Kazaa and Bearshare installed. Both are bundled with spyware and are one of the main reasons why you got infected.
Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p.

So it is really important you follow every step in the right order without missing any step!


First of all, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

After reboot...

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs if present:

Webhancer
Surfsidekick
Network Monitor
Command
Zeno / zenosearch
Kazaa
Bearshare
Altnet
The best offers
Registry Cleaner Trial
Configuration Manager
Webnexus
Viewpoint
Viewpoint Manager
Viewpoint player
InstaFinder


Follow the prompts during above uninstall procedures and reboot when asked. This is really important!!

After the several reboots, perform next..

* Download AlcanShorty from here.
Click the download button below and agree to download the fix.
Download Alcanshorty to your desktop.
Double-click alcanshorty_en.exe and click Install.
This will create a new folder on your desktop called alcanshorty_en.
Open that folder and double-click Run.bat.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.
Once the fix starts, your icons and desktop will disappear, this is normal.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with the contents of Look2Me-Destroyer.txt present on your desktop and a new HijackThis log.

Edited by miekiemoes, 14 May 2006 - 04:13 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
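As an added example (not part of the original thread, and not a tool used in it), here is one way to triage a HijackThis log like the one in post #1 by section code. The function names and the review rules are assumptions chosen for illustration; a flagged entry is a candidate for manual review, not a verdict.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\NEWACC~1.COM\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [defender] C:\\defender19a.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\enn8l15u1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW9zZWY\command.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Finding = namedtuple("Finding", "code reason entry")

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
F2_RE = re.compile(r"^REG:system\.ini: (\w+)=(.*)$")
RUN_RE = re.compile(r"^[^:]+: \[(.*?)\] (.*)$")
# An .exe sitting directly in a drive root, e.g. C:\\defender19a.exe as logged.
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\"]+\.exe\b', re.I)
# Values expected in the Winlogon Shell / Userinit settings (file name only).
F2_DEFAULTS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}


def parse_entries(log_text):
    """Yield (code, body) for every 'CODE - body' line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def hijackthis_in_temp(log_text):
    """True if the process list shows HijackThis.exe running from a Temp path."""
    for line in log_text.splitlines():
        low = line.strip().lower()
        if low.endswith("hijackthis.exe") and "\\temp\\" in low:
            return True
    return False


def review_reason(code, body):
    """Return why an entry deserves manual review, or None (illustrative rules only)."""
    if code == "F2":
        m = F2_RE.match(body)
        if m:
            key = m.group(1).lower()
            values = [v.strip() for v in m.group(2).split(",") if v.strip()]
            extra = [v for v in values if v.lower() not in F2_DEFAULTS.get(key, set())]
            if extra:
                return "%s also launches %s" % (m.group(1), ", ".join(extra))
    elif code == "O20":
        # AppInit_DLLs and Winlogon Notify both load a DLL without user action.
        return "DLL loaded via " + body.split(":", 1)[0]
    elif code == "O4":
        m = RUN_RE.match(body)
        if m and ROOT_EXE_RE.match(m.group(2)):
            return "autostart '%s' runs an executable from the drive root" % m.group(1)
    elif code == "O23":
        if " - Unknown owner - " in body and not body.endswith("(file missing)"):
            return "service binary present but carries no vendor name"
    return None


def triage(log_text):
    """Return Finding tuples, in log order, for entries matching a review rule."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            findings.append(Finding(code, reason, body))
    return findings


if __name__ == "__main__":
    if hijackthis_in_temp(SAMPLE_LOG):
        print("note: HijackThis is running from a Temp folder; its backups may be lost")
    for f in triage(SAMPLE_LOG):
        print("%-3s %s\n    %s" % (f.code, f.reason, f.entry))
```
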

#4 skepticlial

Posted 14 May 2006 - 01:29 PM

I can't download the AlcanShorty.

#5 miekiemoes

Posted 14 May 2006 - 01:39 PM

Strange... OK, I've uploaded it here as an attachment.
Download it to your desktop.
Then you have to unzip it, because I've uploaded it as a zip file here.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
This should create a new folder on your desktop called alcanshorty_en
Open the folder and perform next..

Double-click alcanshorty_en.exe and click Install.
This will create a new folder on your desktop called alcanshorty_en.
Open that folder and double-click Run.bat.
Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.
Once the fix starts, your icons and desktop will disappear, this is normal.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.


Then also perform the rest of my steps as I asked ( I guess you are doing everything in the right order? Because that is really important)
[attachment=818:attachment]

Edited by miekiemoes, 14 May 2006 - 01:39 PM.


#6 skepticlial

Posted 14 May 2006 - 02:51 PM

Sorry again but the Scan Your PC Button on Panda Online doesn't work.

#7 miekiemoes

Posted 14 May 2006 - 03:18 PM

Ok, looks like we need to reregister jscript.dll
So perform next..

Close your internet explorer.

Go to start > run and copy and paste next command in the field:

regsvr32 jscript.dll

You should get a message saying "DllRegisterServer ... succeeded" afterwards.
Then try the Online scan again.

#8 skepticlial

Posted 15 May 2006 - 05:52 PM

Thanks, I finished all the steps that you told me to do. Is there anything else?

#9 miekiemoes

Posted 15 May 2006 - 05:57 PM

Ehm yes, now you should post the logs I asked you:

Post the contents of the Panda scan report together with the contents of Look2Me-Destroyer.txt present on your desktop and a new HijackThis log.



#10 skepticlial

Posted 15 May 2006 - 09:20 PM

Oh I'm Sorry


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/14/2006 1:11:16 PM

Infected! C:\WINDOWS\system32\hrrm0591e.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819206.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819224.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819285.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819304.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819661.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819702.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819749.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819775.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819808.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819845.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819962.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819967.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819990.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820007.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820058.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820220.dll
Infected! C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820225.dll
Infected! C:\WINDOWS\system32\kudtuf.dll
Infected! C:\WINDOWS\system32\frswzrd.dll
Infected! C:\WINDOWS\system32\mycat32.dll
Infected! C:\WINDOWS\system32\hrrm0591e.dll
Infected! C:\WINDOWS\system32\gp46l3hs1.dll
Infected! C:\WINDOWS\system32\mrgina.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\hrrm0591e.dll
C:\WINDOWS\system32\hrrm0591e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819206.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819206.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819224.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819224.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819285.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819285.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819304.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP199\A0819304.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819661.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819661.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819702.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP200\A0819702.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819749.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819749.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819775.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819775.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819808.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819808.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819845.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP201\A0819845.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819962.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819962.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819967.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819967.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819990.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0819990.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820007.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820007.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820058.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP202\A0820058.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820220.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820220.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820225.dll
C:\System Volume Information\_restore{FF2640C6-614A-491E-B4A5-1A38710B609D}\RP207\A0820225.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kudtuf.dll
C:\WINDOWS\system32\kudtuf.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\frswzrd.dll
C:\WINDOWS\system32\frswzrd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mycat32.dll
C:\WINDOWS\system32\mycat32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hrrm0591e.dll
C:\WINDOWS\system32\hrrm0591e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp46l3hs1.dll
C:\WINDOWS\system32\gp46l3hs1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mrgina.dll
C:\WINDOWS\system32\mrgina.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{81DE1794-839C-4E7B-86A0-376B6C9732A2}"
HKCR\Clsid\{81DE1794-839C-4E7B-86A0-376B6C9732A2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D4DD0FC4-782A-4DF2-81EC-9321BC144C79}"
HKCR\Clsid\{D4DD0FC4-782A-4DF2-81EC-9321BC144C79}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{96D9B38D-6C0C-4DFC-841F-E17B7A2A6E59}"
HKCR\Clsid\{96D9B38D-6C0C-4DFC-841F-E17B7A2A6E59}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AAFCF8C7-A956-4AF4-AAE3-7612C61C0044}"
HKCR\Clsid\{AAFCF8C7-A956-4AF4-AAE3-7612C61C0044}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{89701280-69D6-4508-BAF3-5DBAABE9E010}"
HKCR\Clsid\{89701280-69D6-4508-BAF3-5DBAABE9E010}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#11 skepticlial

Posted 15 May 2006 - 09:25 PM

Panda:

Edited by skepticlial, 15 May 2006 - 09:31 PM.


#12 skepticlial

  • Topic Starter

Posted 15 May 2006 - 09:35 PM

Panda continued: (sorry)

#13 miekiemoes

  • Malware Response Team

Posted 16 May 2006 - 12:16 AM

Hello,

I still need a new hijackthislog. :thumbsup:

Delete the following files/folders:

C:\keys.ini
C:\Old Hard Drive\WINDOWS\Temp\DSP18.tmp
C:\NNSCAA638.EXE
C:\FOUND.198
C:\FOUND.214
C:\FOUND.229
C:\FOUND.233
.... well, delete any FOUND.*** folder present there - they all look similar

Download CCleaner
1. During the install, uncheck the option to install the Yahoo Toolbar
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.


In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Perform this with CCleaner for every account (Yoseph, Guest, LocalService.NT AUTHORITY, new account)

Then post a new HijackThis log.

#14 skepticlial


Posted 16 May 2006 - 05:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:23:45 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\1133833671\ee\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\common files\aol\1133833671\ee\aim6.exe
C:\Program Files\Symantec\SYMEVENT.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new account.COMPUTER-613\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FastDownloads - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Yosef\Application Data\FastDownloads[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#15 miekiemoes


Posted 16 May 2006 - 06:14 PM

Hello,

Your system is still infected though - and I see you still have Kazaa installed. Please uninstall it, because Kazaa is bundled with spyware and I see The best Offers is still present as well (which is spyware that Kazaa installs). As long as you keep Kazaa present on your system, you can never keep your system clean.
Also take a look here for better alternatives and which p2p programs NOT to install: http://www.spywareinfo.com/articles/p2p/

You are using Download Accelerator (DAP). Be informed that it delivers popup/popunder ads and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman
I suggest you remove it.

So please go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following:

Kazaa
The best Offers
DAP


Reboot afterwards, really important!!

Normally alcanshorty should be present on your desktop now, in its own folder called alcanshorty. In that folder, the following file should be present: bfu.exe
Can you move that folder (alcanshorty) to your C:\ ?
Once moved,
  • Download qoofix.bat (right-click on this link and choose Save As)
  • Place qoofix.bat in your C:\alcanshorty folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
    Your system will reboot.
  • Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.infospace.com;*.instafinder.com;*.nation.com;64.136.29.30;64.136.21.30;64.136.29.34;infospace.com;instafinder.com;nation.com;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - blank (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - blank (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: FastDownloads - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Yosef\Application Data\FastDownloads[1].exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


  • Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the following folders:

C:\Program Files\TBONBin
C:\Program Files\Kazaa
C:\Program Files\Registry Cleaner Trial
C:\Program Files\DAP

Reboot once again and post a new hijackthislog in your next reply.
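Added example, not part of any post in this thread and not HijackThis's own code: a small Python reviewer for the log format posted in #14. It flags F2 entries whose Shell or UserInit value names a program beyond the expected one, and entries marked "(no file)" or "(file missing)". The baseline values and the function names are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Subset of the HijackThis log lines from post #14.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\citol.exe
F2 - REG:system.ini: UserInit=userinit.exe,measwqw.exe
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
F2_VALUE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
# Assumed baseline: each value should name exactly this one program.
# Only the file name is compared, so a look-alike in another folder passes.
BASELINE = {"shell": "explorer.exe", "userinit": "userinit.exe"}

def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review(log):
    """Return (code, reason, body) for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log):
        f2 = F2_VALUE.match(body) if code == "F2" else None
        if f2:
            name = f2.group(1).lower()
            # The value is a comma-separated list of programs run at logon.
            programs = [p.strip() for p in f2.group(2).split(",") if p.strip()]
            extra = [p for p in programs
                     if p.rsplit("\\", 1)[-1].lower() != BASELINE[name]]
            if extra:
                reason = "extra %s program: %s" % (name, ", ".join(extra))
                findings.append((code, reason, body))
        elif body.endswith(("(file missing)", "(no file)")):
            # Registry entry survives but its target file is gone.
            findings.append((code, "orphaned entry", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in review(SAMPLE_LOG):
        print("%-3s %-50s %s" % (code, reason, body))
```

An entry that passes both checks is not thereby clean: the O2 line for cfg32r.dll is on the fix list in post #15 but is not flagged here, because its file exists and only a helper who knows the family would recognise it.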



