
Computer Infected Majorly


  • This topic is locked
8 replies to this topic

#1 Cluelessperson

Cluelessperson

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 19 July 2006 - 10:27 PM

Ok... I've been here before on a different computer at a different house and had much help with that computer. This one is worse than my other and has been infected longer. Some of the problems include something that seems to be straining my internet connection before anything on my computer is using it and several failed DLLs that attempt to run at startup (I think I deleted them but not their source). It would be really helpful if someone could help me fix my computer.

Edit: OMG OMG OMG I'M AN IDIOT!!!!!.... this is 2 times I've posted my damn log in the wrong section (dif comps I mean but I can't believe I made the same mistake)

Could someone please move my log into the proper section?

Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:18:27 PM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brendan\Application Data\?ecurity\m?iexec.exe
C:\PROGRA~1\COMMON~1\STEM~1\javaw.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Brendan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,ptnjtqh.exe
O2 - BHO: (no name) - {700F2194-9427-CAAA-0073-BE8ED996CBC4} - C:\WINDOWS\system32\lmyfn.dll (file missing)
O2 - BHO: (no name) - {79E84750-DBD7-88E1-3EBE-008D1F52A3E7} - C:\DOCUME~1\Brendan\APPLIC~1\BLEHID~1\Web Upload.exe (file missing)
O2 - BHO: svchosts.cMapp_2F47968E9FBE - {D3150260-5753-454D-9923-26CF37C6FECC} - C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Search - {0CF6EB26-BF6C-4EA4-B5E2-70361E2A1B2A} - C:\WINDOWS\Jlhvytoa.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [sys01074474698] C:\WINDOWS\sys01074474698.exe
O4 - HKLM\..\Run: [win3207698074474] C:\WINDOWS\win3207698074474.exe
O4 - HKLM\..\Run: [sys09807447469] C:\WINDOWS\sys09807447469.exe
O4 - HKLM\..\Run: [w00235db.dll] RUNDLL32.EXE w00235db.dll,I2 00009273000235db
O4 - HKLM\..\Run: [jcngcaaA] C:\WINDOWS\jcngcaaA.exe
O4 - HKLM\..\Run: [w000ea21.dll] RUNDLL32.EXE w000ea21.dll,I2 000092730000ea21
O4 - HKLM\..\Run: [w001eae7.dll] RUNDLL32.EXE w001eae7.dll,I2 000092730001eae7
O4 - HKLM\..\Run: [w000afa8.dll] RUNDLL32.EXE w000afa8.dll,I2 000092730000afa8
O4 - HKLM\..\Run: [w00098d5.dll] RUNDLL32.EXE w00098d5.dll,I2 00009273000098d5
O4 - HKLM\..\Run: [w00273ee.dll] RUNDLL32.EXE w00273ee.dll,I2 00009273000273ee
O4 - HKLM\..\Run: [w000db1d.dll] RUNDLL32.EXE w000db1d.dll,I2 000092730000db1d
O4 - HKLM\..\Run: [w001292e.dll] RUNDLL32.EXE w001292e.dll,I2 000092730001292e
O4 - HKLM\..\Run: [w000c488.dll] RUNDLL32.EXE w000c488.dll,I2 000092730000c488
O4 - HKLM\..\Run: [w000e3c8.dll] RUNDLL32.EXE w000e3c8.dll,I2 000092730000e3c8
O4 - HKLM\..\Run: [w0093abb.dll] RUNDLL32.EXE w0093abb.dll,I2 0000927300093abb
O4 - HKLM\..\Run: [w000f4b0.dll] RUNDLL32.EXE w000f4b0.dll,I2 000092730000f4b0
O4 - HKLM\..\Run: [w001ce67.dll] RUNDLL32.EXE w001ce67.dll,I2 000092730001ce67
O4 - HKLM\..\Run: [w0010e14.dll] RUNDLL32.EXE w0010e14.dll,I2 0000927300010e14
O4 - HKLM\..\Run: [w0009eff.dll] RUNDLL32.EXE w0009eff.dll,I2 0000927300009eff
O4 - HKLM\..\Run: [w000ef32.dll] RUNDLL32.EXE w000ef32.dll,I2 000092730000ef32
O4 - HKLM\..\Run: [w0031ee3.dll] RUNDLL32.EXE w0031ee3.dll,I2 0000927300031ee3
O4 - HKLM\..\Run: [w000a354.dll] RUNDLL32.EXE w000a354.dll,I2 000092730000a354
O4 - HKLM\..\Run: [w0012110.dll] RUNDLL32.EXE w0012110.dll,I2 0000927300012110
O4 - HKLM\..\Run: [w001002a.dll] RUNDLL32.EXE w001002a.dll,I2 000092730001002a
O4 - HKLM\..\Run: [w0012584.dll] RUNDLL32.EXE w0012584.dll,I2 0000927300012584
O4 - HKLM\..\Run: [w0009c01.dll] RUNDLL32.EXE w0009c01.dll,I2 0000927300009c01
O4 - HKLM\..\Run: [w000c93b.dll] RUNDLL32.EXE w000c93b.dll,I2 000092730000c93b
O4 - HKLM\..\Run: [w000f889.dll] RUNDLL32.EXE w000f889.dll,I2 000092730000f889
O4 - HKLM\..\Run: [w004fd67.dll] RUNDLL32.EXE w004fd67.dll,I2 000092730004fd67
O4 - HKLM\..\Run: [w00088d7.dll] RUNDLL32.EXE w00088d7.dll,I2 00009273000088d7
O4 - HKLM\..\Run: [w000d6d8.dll] RUNDLL32.EXE w000d6d8.dll,I2 000092730000d6d8
O4 - HKLM\..\Run: [w0074a64.dll] RUNDLL32.EXE w0074a64.dll,I2 0000927300074a64
O4 - HKLM\..\Run: [w01c1c2a.dll] RUNDLL32.EXE w01c1c2a.dll,I2 00009273001c1c2a
O4 - HKLM\..\Run: [w08af359.dll] RUNDLL32.EXE w08af359.dll,I2 00009273008af359
O4 - HKLM\..\Run: [Mode coal mfcd stupid] C:\Documents and Settings\All Users\Application Data\Dog Type Mode Coal\webbits.exe
O4 - HKLM\..\Run: [w000c207.dll] RUNDLL32.EXE w000c207.dll,I2 000092730000c207
O4 - HKLM\..\Run: [w001023d.dll] RUNDLL32.EXE w001023d.dll,I2 000092730001023d
O4 - HKLM\..\Run: [w017374c.dll] RUNDLL32.EXE w017374c.dll,I2 000092730017374c
O4 - HKLM\..\Run: [w00a153c.dll] RUNDLL32.EXE w00a153c.dll,I2 00009273000a153c
O4 - HKLM\..\Run: [w000e59d.dll] RUNDLL32.EXE w000e59d.dll,I2 000092730000e59d
O4 - HKLM\..\Run: [w037ddb2.dll] RUNDLL32.EXE w037ddb2.dll,I2 000092730037ddb2
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kdbtk] C:\WINDOWS\system32\oppbjl.exe reg_run
O4 - HKCU\..\Run: [Tkgpst] C:\Documents and Settings\Brendan\Application Data\?ecurity\m?iexec.exe
O4 - HKCU\..\Run: [64 16] C:\DOCUME~1\Brendan\APPLIC~1\DRIVET~1\Film Bat Cast.exe
O4 - HKCU\..\Run: [Udbt] "C:\PROGRA~1\COMMON~1\STEM~1\javaw.exe" -vt ndrv
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132092414139
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fp2s03f7e.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\n26qlcj51fo.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\gpnsl3571.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Cluelessperson, 20 July 2006 - 01:35 AM.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:48 PM

Posted 20 July 2006 - 07:20 AM

Hello,

I actually don't understand why, when a system is terribly infected, you don't install an antivirus and a firewall?
This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Then,

It is important you don't miss a step and perform everything in the right order!!

Go to start > control panel > software > add/remove programs and uninstall the following if present:

Morpheus Toolbar
VCClient
Download Plugin for Internet Explorer
Zone Media
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute' window you'll see a little icon, as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute' window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

-------------------------
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,ptnjtqh.exe
O2 - BHO: (no name) - {700F2194-9427-CAAA-0073-BE8ED996CBC4} - C:\WINDOWS\system32\lmyfn.dll (file missing)
O2 - BHO: (no name) - {79E84750-DBD7-88E1-3EBE-008D1F52A3E7} - C:\DOCUME~1\Brendan\APPLIC~1\BLEHID~1\Web Upload.exe (file missing)
O2 - BHO: svchosts.cMapp_2F47968E9FBE - {D3150260-5753-454D-9923-26CF37C6FECC} - C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
O3 - Toolbar: Search - {0CF6EB26-BF6C-4EA4-B5E2-70361E2A1B2A} - C:\WINDOWS\Jlhvytoa.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O4 - HKLM\..\Run: [sys01074474698] C:\WINDOWS\sys01074474698.exe
O4 - HKLM\..\Run: [win3207698074474] C:\WINDOWS\win3207698074474.exe
O4 - HKLM\..\Run: [sys09807447469] C:\WINDOWS\sys09807447469.exe
O4 - HKLM\..\Run: [w00235db.dll] RUNDLL32.EXE w00235db.dll,I2 00009273000235db
O4 - HKLM\..\Run: [jcngcaaA] C:\WINDOWS\jcngcaaA.exe
O4 - HKLM\..\Run: [w000ea21.dll] RUNDLL32.EXE w000ea21.dll,I2 000092730000ea21
O4 - HKLM\..\Run: [w001eae7.dll] RUNDLL32.EXE w001eae7.dll,I2 000092730001eae7
O4 - HKLM\..\Run: [w000afa8.dll] RUNDLL32.EXE w000afa8.dll,I2 000092730000afa8
O4 - HKLM\..\Run: [w00098d5.dll] RUNDLL32.EXE w00098d5.dll,I2 00009273000098d5
O4 - HKLM\..\Run: [w00273ee.dll] RUNDLL32.EXE w00273ee.dll,I2 00009273000273ee
O4 - HKLM\..\Run: [w000db1d.dll] RUNDLL32.EXE w000db1d.dll,I2 000092730000db1d
O4 - HKLM\..\Run: [w001292e.dll] RUNDLL32.EXE w001292e.dll,I2 000092730001292e
O4 - HKLM\..\Run: [w000c488.dll] RUNDLL32.EXE w000c488.dll,I2 000092730000c488
O4 - HKLM\..\Run: [w000e3c8.dll] RUNDLL32.EXE w000e3c8.dll,I2 000092730000e3c8
O4 - HKLM\..\Run: [w0093abb.dll] RUNDLL32.EXE w0093abb.dll,I2 0000927300093abb
O4 - HKLM\..\Run: [w000f4b0.dll] RUNDLL32.EXE w000f4b0.dll,I2 000092730000f4b0
O4 - HKLM\..\Run: [w001ce67.dll] RUNDLL32.EXE w001ce67.dll,I2 000092730001ce67
O4 - HKLM\..\Run: [w0010e14.dll] RUNDLL32.EXE w0010e14.dll,I2 0000927300010e14
O4 - HKLM\..\Run: [w0009eff.dll] RUNDLL32.EXE w0009eff.dll,I2 0000927300009eff
O4 - HKLM\..\Run: [w000ef32.dll] RUNDLL32.EXE w000ef32.dll,I2 000092730000ef32
O4 - HKLM\..\Run: [w0031ee3.dll] RUNDLL32.EXE w0031ee3.dll,I2 0000927300031ee3
O4 - HKLM\..\Run: [w000a354.dll] RUNDLL32.EXE w000a354.dll,I2 000092730000a354
O4 - HKLM\..\Run: [w0012110.dll] RUNDLL32.EXE w0012110.dll,I2 0000927300012110
O4 - HKLM\..\Run: [w001002a.dll] RUNDLL32.EXE w001002a.dll,I2 000092730001002a
O4 - HKLM\..\Run: [w0012584.dll] RUNDLL32.EXE w0012584.dll,I2 0000927300012584
O4 - HKLM\..\Run: [w0009c01.dll] RUNDLL32.EXE w0009c01.dll,I2 0000927300009c01
O4 - HKLM\..\Run: [w000c93b.dll] RUNDLL32.EXE w000c93b.dll,I2 000092730000c93b
O4 - HKLM\..\Run: [w000f889.dll] RUNDLL32.EXE w000f889.dll,I2 000092730000f889
O4 - HKLM\..\Run: [w004fd67.dll] RUNDLL32.EXE w004fd67.dll,I2 000092730004fd67
O4 - HKLM\..\Run: [w00088d7.dll] RUNDLL32.EXE w00088d7.dll,I2 00009273000088d7
O4 - HKLM\..\Run: [w000d6d8.dll] RUNDLL32.EXE w000d6d8.dll,I2 000092730000d6d8
O4 - HKLM\..\Run: [w0074a64.dll] RUNDLL32.EXE w0074a64.dll,I2 0000927300074a64
O4 - HKLM\..\Run: [w01c1c2a.dll] RUNDLL32.EXE w01c1c2a.dll,I2 00009273001c1c2a
O4 - HKLM\..\Run: [w08af359.dll] RUNDLL32.EXE w08af359.dll,I2 00009273008af359
O4 - HKLM\..\Run: [Mode coal mfcd stupid] C:\Documents and Settings\All Users\Application Data\Dog Type Mode Coal\webbits.exe
O4 - HKLM\..\Run: [w000c207.dll] RUNDLL32.EXE w000c207.dll,I2 000092730000c207
O4 - HKLM\..\Run: [w001023d.dll] RUNDLL32.EXE w001023d.dll,I2 000092730001023d
O4 - HKLM\..\Run: [w017374c.dll] RUNDLL32.EXE w017374c.dll,I2 000092730017374c
O4 - HKLM\..\Run: [w00a153c.dll] RUNDLL32.EXE w00a153c.dll,I2 00009273000a153c
O4 - HKLM\..\Run: [w000e59d.dll] RUNDLL32.EXE w000e59d.dll,I2 000092730000e59d
O4 - HKLM\..\Run: [w037ddb2.dll] RUNDLL32.EXE w037ddb2.dll,I2 000092730037ddb2
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kdbtk] C:\WINDOWS\system32\oppbjl.exe reg_run
O4 - HKCU\..\Run: [Tkgpst] C:\Documents and Settings\Brendan\Application Data\?ecurity\m?iexec.exe
O4 - HKCU\..\Run: [64 16] C:\DOCUME~1\Brendan\APPLIC~1\DRIVET~1\Film Bat Cast.exe
O4 - HKCU\..\Run: [Udbt] "C:\PROGRA~1\COMMON~1\STEM~1\javaw.exe" -vt ndrv
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\fp2s03f7e.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\n26qlcj51fo.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\gpnsl3571.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

-------------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
---------------------

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from Ewido.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
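
Several of the entries checked for fixing in the reply above share traits that can be spotted mechanically in a HijackThis log. The following is an added example, not part of the original thread and not the helper's own method: a small triage script whose heuristics (orphaned "file missing" registrations, extra programs chained to UserInit, a populated AppInit_DLLs value, RUNDLL32 targets without a full path, and "?" placeholders in file paths) are assumptions chosen for illustration. The sample lines are copied from the log posted above; the function names are hypothetical.

```python
import ntpath
import re

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,ptnjtqh.exe
O2 - BHO: (no name) - {700F2194-9427-CAAA-0073-BE8ED996CBC4} - C:\WINDOWS\system32\lmyfn.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [w00235db.dll] RUNDLL32.EXE w00235db.dll,I2 00009273000235db
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Tkgpst] C:\Documents and Settings\Brendan\Application Data\?ecurity\m?iexec.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# HijackThis entries look like "<letter><number> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First DLL argument handed to RUNDLL32.EXE.
RUNDLL_RE = re.compile(r"RUNDLL32\.EXE\s+([^\s,]+\.dll)", re.IGNORECASE)
# A drive-letter path containing "?", which is how the log renders
# characters it cannot display (URLs with "?" do not match).
ODD_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*\?')


def parse_entries(text):
    """Return (section, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(section, body):
    """Return the list of heuristic reasons that make an entry worth review."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("registration points at a file that no longer exists")
    if section == "F2":
        userinit = re.search(r"UserInit=(.*)", body, re.IGNORECASE)
        if userinit:
            extras = [
                item.strip()
                for item in userinit.group(1).split(",")
                if item.strip()
                and ntpath.basename(item.strip()).lower() != "userinit.exe"
            ]
            if extras:
                reasons.append(
                    "extra program chained to UserInit: " + ", ".join(extras)
                )
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("DLL loaded into every GUI process via AppInit_DLLs")
    if section == "O4":
        rundll = RUNDLL_RE.search(body)
        if rundll and "\\" not in rundll.group(1):
            reasons.append("RUNDLL32 target has no full path")
    if ODD_PATH_RE.search(body):
        reasons.append("file path contains characters the log could not render")
    return reasons


def triage(text):
    """Return (section, body, reasons) for entries with at least one reason."""
    flagged = []
    for section, body in parse_entries(text):
        reasons = reasons_for(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

A hit is a lead for manual review, not a verdict: legitimate software also uses AppInit_DLLs and leaves orphaned registrations behind, and an entry that trips none of these checks is not thereby clean.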

#3 Cluelessperson

Cluelessperson
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 20 July 2006 - 05:12 PM

Ok... AVG and Kerio installed and I used all of the other things listed.

----------------------------Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 5:01:25 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brendan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132092414139
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Start Time= Thu 07/20/2006 17:00:10.96
Running from: C:\Documents and Settings\Brendan\Desktop

----------------------------------------------Combofix.txt

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-20 16:59 231 C:\WINDOWS\system.ini
2006-07-20 16:49 <DIR> C:\Program Files\Common Files\??stem ( stem~1 )
2006-07-20 16:24 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-20 16:23 116 C:\WINDOWS\nerodigital.ini
2006-07-20 15:45 <DIR> C:\Documents and Settings\Brendan\Application Data\drive tool
2006-07-20 15:19 776,096 C:\WINDOWS\system32\drivers\avg7core.sys
2006-07-20 15:19 4,288 C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-07-20 15:19 27,776 C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-20 15:19 23,424 C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-07-20 15:19 <DIR> C:\Program Files\grisoft
2006-07-20 15:19 <DIR> C:\Documents and Settings\Brendan\Application Data\avg7
2006-07-20 15:17 <DIR> C:\Program Files\kerio
2006-07-20 15:17 <DIR> C:\Program Files\installshield installation information
2006-07-20 15:02 <DIR> C:\Documents and Settings\Brendan\Application Data\?ecurity ( ecurit~1 )
2006-07-20 14:59 <DIR> C:\Program Files\morpheus toolbar
2006-07-19 23:41 <DIR> C:\Program Files\uogateway
2006-07-17 20:16 <DIR> C:\Program Files\ewido anti-malware
2006-07-17 11:53 <DIR> C:\Program Files\ccleaner
2006-07-17 03:19 <DIR> C:\Program Files\morpheus
2006-07-14 21:13 <DIR> C:\Program Files\razor
2006-07-14 21:12 457,654 C:\WINDOWS\system32\perfstringbackup.ini
2006-07-14 21:12 <DIR> C:\Documents and Settings\Brendan\Application Data\microsoft
2006-07-14 21:11 <DIR> C:\Program Files\internet explorer
2006-07-14 21:11 <DIR> C:\Program Files\Common Files\microsoft shared
2006-07-14 21:03 <DIR> C:\Program Files\ea games
2006-06-25 15:38 52 C:\WINDOWS\gunzlauncher.ini
2006-06-24 11:15 <DIR> C:\Program Files\silkroad
2006-06-18 02:34 <DIR> C:\Program Files\bitlord
2006-06-18 02:33 <DIR> C:\Program Files\knightonline
2006-06-16 22:59 <DIR> C:\Program Files\bitcomet
2006-06-16 19:01 <DIR> C:\Program Files\ipod
2006-06-04 14:39 <DIR> C:\Documents and Settings\Brendan\Application Data\t?sks ( tsks~1 )
2006-06-03 21:53 <DIR> C:\Program Files\divx
2006-06-01 17:10 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-06-01 17:09 90,112 C:\WINDOWS\system32\dpl100.dll
2006-06-01 17:09 593,920 C:\WINDOWS\system32\dpugui11.dll
2006-06-01 17:09 57,344 C:\WINDOWS\system32\dpv11.dll
2006-06-01 17:09 53,248 C:\WINDOWS\system32\dpugui10.dll
2006-06-01 17:09 344,064 C:\WINDOWS\system32\dpus11.dll
2006-06-01 17:09 294,912 C:\WINDOWS\system32\dpu11.dll
2006-06-01 17:09 294,912 C:\WINDOWS\system32\dpu10.dll
2006-06-01 17:09 200,704 C:\WINDOWS\system32\dtu100.dll
2006-06-01 17:07 536,576 C:\WINDOWS\system32\divxsm.exe
2006-06-01 17:07 245,408 C:\WINDOWS\system32\unicows.dll
2006-06-01 17:07 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-06-01 17:07 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-06-01 17:06 778,240 C:\WINDOWS\system32\divx_xx0c.dll
2006-06-01 17:06 778,240 C:\WINDOWS\system32\divx_xx07.dll
2006-06-01 17:06 761,856 C:\WINDOWS\system32\divx_xx11.dll
2006-06-01 17:06 619,156 C:\WINDOWS\system32\divx.dll
2006-06-01 17:06 12,288 C:\WINDOWS\system32\divxwmpexttype.dll
2006-06-01 17:06 118,784 C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-05-31 16:47 <DIR> C:\Documents and Settings\Brendan\Application Data\vlc
2006-05-31 16:05 <DIR> C:\Program Files\matroska pack
2006-05-30 10:29 <DIR> C:\Program Files\videolan
2006-05-29 19:57 <DIR> C:\Documents and Settings\Brendan\Application Data\azureus
2006-05-24 17:48 20,640 C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-05-24 17:48 109,568 C:\WINDOWS\system32\pxinsi64.exe
2006-05-24 17:48 108,544 C:\WINDOWS\system32\pxcpyi64.exe
2006-05-20 21:55 <DIR> C:\Program Files\emsa dll register tool
2006-05-05 19:04 1,158 C:\WINDOWS\system32\w0009273.ini
2006-04-24 16:37 38,843 C:\Documents and Settings\Brendan\Application Data\com.kennettnet.podutil.plist
2006-04-23 14:08 33,533 C:\WINDOWS\system32\corevorbis-uninstall.exe
2006-04-23 14:04 188,416 C:\WINDOWS\system32\bmg5.exe
2005-11-15 17:55 <DIR> C:\Program Files\Common Files\??stem ( system )


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NWEReboot"=""
"VTTimer"="VTTimer.exe"
"SoundMan"="SOUNDMAN.EXE"
"FLMK08KB"="C:\\Program Files\\Muiltmedia keyboard utility\\1.1\\MMKEYBD.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A3F8B181918729BD.job

Completion time: Thu 07/20/2006 17:00:22.85
ComboFix ver 06.07.20 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
ComboFix2.txt

------------------------------------------------

Ewido report problem.... I can't find it in the report folder (I did set it to make them). Any ideas where this might have been made or what I should do if it didn't make one?

#4 miekiemoes (Malware Response Team)

Posted 21 July 2006 - 02:05 AM

Hello,

* Open Notepad and copy and paste the following content into it:

%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h A3F8B181918729BD.job
del A3F8B181918729BD.job


Save this as remjobs.bat, choose to save as *all files and place it on your desktop.
Double-click on remjobs.bat. A DOS window will open and close again; this is normal.

I asked you before to uninstall Morpheus Toolbar. I see that the folder is still present.

Delete the following files and folders...

C:\Program Files\morpheus toolbar <== folder
C:\WINDOWS\system32\w0009273.ini
C:\WINDOWS\system32\ad.html

C:\Documents and Settings\Brendan\Application Data\t?sks <== this folder will most probably look like tasks. Please make sure you don't delete the legit tasks folder. For the one you have to delete, when you right-click the folder and choose properties, the date should be 2006-06-04 14:39

C:\Documents and Settings\Brendan\Application Data\?ecurity <== this folder will most probably look like security. Please make sure you don't delete the legit security folder. For the one you have to delete, when you right-click the folder and choose properties, the date should be 2006-07-20 15:02

C:\Program Files\Common Files\??stem <== this folder will most probably look like system. Please make sure you don't delete the legit system folder. For the one you have to delete, when you right-click the folder and choose properties, the date should be 2006-07-20 16:49

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

You say that you couldn't find the Ewido report. Well, I asked you to save it to a place where you can find it easily:

( Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). )


So I guess you forgot that step. So run Ewido again and make sure you save the log to your desktop. No need to run this in safe mode now, just perform it in normal mode.

Post the ewido log in your next reply.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
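
The look-alike folders named in the post above (t?sks, ?ecurity, ??stem) can also be found mechanically. The following Python is an added example, not part of the original thread or of any tool used in it: it flags path components that mix Latin letters with Cyrillic look-alikes, and components where a listing tool has replaced an unmappable character with "?". The confusables table is a small constructed subset, and the sample paths are rebuilt from paths quoted in this thread with the non-Latin letters written as escapes.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
# Not a complete table; Unicode publishes the full list with UTS #39.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
}


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode name (LATIN, CYRILLIC, ...)."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def skeleton(component):
    """Replace known look-alike letters with the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in component)


def check_component(component):
    """Return a finding dict for a suspicious path component, else None."""
    # "?" is not a legal character in a Windows file name. In a directory
    # listing it means a character could not be shown in the output code page.
    if "?" in component:
        return {"component": component, "reason": "unmappable-char",
                "looks_like": None, "codepoints": []}

    scripts = {s for s in map(script_of, component) if s}
    skel = skeleton(component)
    if len(scripts) > 1:
        reason = "mixed-script"
    elif skel != component and skel.isascii():
        # Every letter is a look-alike, e.g. an all-Cyrillic spelling of "copy".
        reason = "whole-script-confusable"
    else:
        return None  # plain Latin, or an ordinary non-Latin name

    return {
        "component": component,
        "reason": reason,
        "looks_like": skel,
        "codepoints": ["U+%04X" % ord(ch) for ch in component if ord(ch) > 127],
    }


def scan_path(path):
    """Check every component of a Windows path; return the list of findings."""
    findings = []
    for part in path.replace("/", "\\").split("\\"):
        hit = check_component(part)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample input, based on paths quoted in this thread.
SAMPLE_PATHS = [
    "C:\\Program Files\\Common Files\\\u0455\u0443stem\\javaw.exe",
    "C:\\WINDOWS\\system32\\\u0410ppPatch\\l\u0455ass.exe",
    "C:\\Program Files\\Common Files\\??stem",
    "C:\\WINDOWS\\system32\\ctfmon.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        for f in scan_path(p):
            print(f["reason"], repr(f["component"]), "->", f["looks_like"],
                  " ".join(f["codepoints"]))
```

A "mixed-script" hit prints the code points involved, which is what distinguishes the impostor folder from the legitimate one that has the same on-screen name.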

#5 Cluelessperson (Topic Starter)

Posted 21 July 2006 - 04:04 AM

OK.... found the first report (I was looking in the old version of the ewido folder) and made a second one.

---------First

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:49:29 PM 7/20/2006

+ Scan result:



C:\WINDOWS\system32\__delete_on_reboot__n_o_p_d_b_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
[1024] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1032] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1040] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1044] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1108] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1164] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1176] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1252] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1344] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1424] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1620] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1680] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1724] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1732] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1840] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[1860] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2364] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2500] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2524] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[252] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2584] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2644] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2704] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[2908] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[3132] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[400] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[564] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[608] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[912] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[924] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[948] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
[984] C:\WINDOWS\system32\nopdb.dll -> Adware.PurityScan : Error during cleaning.
C:\Program Files\Common Files\ѕуstem\javaw.exe -> Downloader.PurityScan.ct : Cleaned with backup (quarantined).
C:\WINDOWS\system32\АppPatch\lѕass.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Benjamin\Local Settings\Temp\cinfo.exe -> Logger.Small.fv : Cleaned with backup (quarantined).
C:\Documents and Settings\Benjamin\Local Settings\Temporary Internet Files\Content.IE5\F20QMA13\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.230:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.231:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.232:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\2d0ismp3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Brendan\Cookies\brendan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


--------------------------------------Second

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:57:20 AM 7/21/2006

+ Scan result:



:mozilla.49:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\72ru52k6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:48 PM

Posted 21 July 2006 - 04:07 AM

Ok, second one looks much better. :thumbsup:

Your previous HijackThis log looked clean as well, so how are things running now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Cluelessperson


Posted 21 July 2006 - 09:47 AM

Well, the main problems had been resolved after the first steps, and I think my system has been running much better since finishing all the steps. Thanks a lot for helping me again, and I think that I'd donate if I had some money to spare. Also, when I do have some cash to spare I may donate anyway.

#8 miekiemoes


Posted 21 July 2006 - 09:50 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

More info on how to prevent malware can also be found here (by Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#9 miekiemoes


Posted 22 July 2006 - 01:00 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



