Winlogon Using 100% Cpu


6 replies to this topic

#1 zeewolf


Posted 14 June 2006 - 02:46 PM

Hey guys, I've been looking round endless forums and seen way too many different answers and solutions to this, so I've given up and decided to ask someone personally. HijackThis seems to be the usual starting point, so here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:29:12, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58232ED1-11E7-4B47-934C-CE20B2EDEFD9}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

At the moment, I get anywhere between 5-20 mins of working time before winlogon takes over; after that, unplugging my network cable and restarting seems to be the quickest way of getting back to normality.
I'd appreciate any help! :thumbsup:


#2 Guest_Cretemonster_*


Posted 15 June 2006 - 04:25 AM

Hi zeewolf and Welcome to the Bleeping Computer!


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162

O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\winhab32.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart Normal and Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


#3 zeewolf


Posted 15 June 2006 - 08:53 AM

F-Secure:

Scanning Report
Thursday, June 15, 2006 14:01:18 - 14:47:48

Computer name: PATRIOT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\
Result: 33 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Trojan-Clicker.Win32.VB.cr (virus)

* F:\DOWNLOADS\TEMP\WINDOWS XP - ACTIVATION CRACK (HOME EDITION & PROFESSIONAL).EXE (Submitted)

Trojan-Downloader.JS.gen (virus)

* F:\APPS\SAMURIZE\SCRIPTS\HUMANCLOCK_RETRIEVER.JS (Submitted)

Trojan-Downloader.Win32.Swizzor.co (virus)

* C:\DOCUMENTS AND SETTINGS\SI\LOCAL SETTINGS\TEMP\BIS2DDA.EXE (Renamed & Submitted)

istbar (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 29098
* System: 5573
* Not scanned: 8

Actions:

* Disinfected: 2
* Renamed: 1
* Deleted: 0
* None: 30
* Submitted: 3

Files not scanned:

* C:\PAGEFILE.SYS
* C:\HIBERFIL.SYS
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{1572DDB2-E3D1-41BC-9F94-D75DE45C72FA}\RP269\A0067054.DLL
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{D646C369-E3DE-493E-9FAE-D698B76D92B6}.BIN
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD5181.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-06-15
* F-Secure Libra: 2.4.1, 2006-06-14
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Orion: 1.2.37, 2006-06-12
* F-Secure Pegasus: 1.19.0, 2006-05-14
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


Logfile of HijackThis v1.99.1
Scan saved at 14:50:13, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MessengerPlus\MsgPlus.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus\MsgPlus.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58232ED1-11E7-4B47-934C-CE20B2EDEFD9}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#4 zeewolf


Posted 15 June 2006 - 08:55 AM

Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


Didn't get this message.

#5 Guest_Cretemonster_*


Posted 15 June 2006 - 03:27 PM

Have HijackThis fix this entry

O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda
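
The before/after comparison behind this reply, as an added example that is not part of the original thread: a Python script that diffs two HijackThis logs by entry identity and separates entries that are gone from entries that still exist but now point at a missing file (the leftover winhab32 Notify value). The function names and the keying rule are assumptions of this example; the sample lines are excerpted from the two logs posted above.

```python
import re

# "O20 - Winlogon Notify: ..." -> section code, then the entry body
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 Run entries: "HKLM\..\Run: [ValueName] command line"
RUN_VALUE_RE = re.compile(r"^(.+?: \[[^\]]+\])")
MISSING = "(file missing)"

# Excerpt of the first log in this thread (14/06/2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
"""

# Excerpt of the second log (15/06/2006), taken after the fix and reboot.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
"""


def entry_key(section, body):
    """Identity of an entry that stays the same when its file path changes.

    Keying rule (an assumption of this example): for O4 Run entries the
    hive plus value name; otherwise the text before the first " - " or " = ".
    """
    if section == "O4":
        m = RUN_VALUE_RE.match(body)
        if m:
            return (section, m.group(1))
    head = re.split(r" - | = ", body, maxsplit=1)[0]
    return (section, head)


def parse_log(text):
    """Map entry identity -> entry body, skipping header and process lines."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            entries[entry_key(section, body)] = body
    return entries


def compare_logs(before_text, after_text):
    """Classify what changed between two scans of the same machine."""
    before, after = parse_log(before_text), parse_log(after_text)
    common = [k for k in after if k in before]
    return {
        # Entry no longer present at all: the fix took effect.
        "removed": sorted(k for k in before if k not in after),
        # New since the last scan: review each one.
        "added": sorted(k for k in after if k not in before),
        # Registry value survived but its file is gone: leftover to clean up.
        "newly_orphaned": sorted(
            k for k in common
            if MISSING in after[k] and MISSING not in before[k]),
        # Was already pointing at a missing file before any fix was applied.
        "still_orphaned": sorted(
            k for k in common
            if MISSING in after[k] and MISSING in before[k]),
    }


if __name__ == "__main__":
    for category, keys in compare_logs(BEFORE, AFTER).items():
        print(category)
        for section, name in keys:
            print(f"  {section}  {name}")
```
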

#6 zeewolf


Posted 16 June 2006 - 09:41 AM

Ran WinPFind in safe mode several times, but after a few minutes it just stopped responding at this point:
Posted Image

Panda Scan:
Incident Status Location

Adware:adware/winres Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\Temp\win38.tmp.exe
Virus:Trj/DNSChanger.GG Disinfected C:\WINDOWS\Temp\win147F.tmp.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\Temp\win51C6.tmp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Si\Local Settings\Temp\BIS2DDA.0XE
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Si\Cookies\si@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Si\Cookies\si@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Si\Cookies\si@doubleclick[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Si\Cookies\si@as-eu.falkag[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Si\Cookies\si@888[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Si\Cookies\si@fastclick[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Si\Cookies\si@burstnet[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Si\Cookies\si@statcounter[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Si\Cookies\si@adtech[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Si\Cookies\si@mediaplex[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Si\Cookies\si@casalemedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.112.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.112.2o7.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.2o7.net/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.as-eu.falkag.net/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.888.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.advertising.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.advertising.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.valueclick.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.as-us.falkag.net/]

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.a.as-us.falkag.net/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.bluestreak.com/]


#7 Guest_Cretemonster_*

Posted 16 June 2006 - 06:52 PM

Looks like the Panda log got cut off.

Can you repost it and edit out all the entries like these:

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Si\Cookies\si@casalemedia[2].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Si\Application Data\Mozilla\Firefox\Profiles\w3goe3z2.default\cookies.txt[.2o7.net/]




Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Make sure to use the Firefox Option in ATF.



