Hijackthis Log, Please Help Diagnose


  • This topic is locked
10 replies to this topic

#1 drfaustmd

drfaustmd


Posted 23 July 2006 - 05:46 PM

Hello, I had a bunch of spyware that I cleaned out, but no matter how many times I ran their programs I am still getting porn pop-ups and such. Please help me. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:45:43 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\qssrvlsA.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Common Files\{80667550-0D54-1033-0331-060406040001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\eMule\eMule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SCREAM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [pjhdc66e] RUNDLL32.EXE wcceeb03.dll,n 001dc66d00000003cceeb03
O4 - HKLM\..\Run: [qssrvlsA] C:\WINDOWS\qssrvlsA.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Crmt] "C:\DOCUME~1\SCREAM~1\MYDOCU~1\YSTEM~1\dexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mnuqg] C:\PROGRA~1\COMMON~1\DOBE~1\MCONFI~1.EXE
O4 - HKCU\..\Run: [zokr] C:\PROGRA~1\COMMON~1\zokr\zokrm.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: csrss.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\ailui.dll (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\xwsp1res.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



Thank you!!!



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 25 July 2006 - 08:21 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.


I need to see a different type of log from HijackThis:
  • Run HijackThis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 drfaustmd

drfaustmd
  • Topic Starter


Posted 25 July 2006 - 01:26 PM

Hello, I've actually run ewido anti-spyware since my last post and got rid of a lot of it, but it still isn't acting right. So here is a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:39 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\SCREAM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\SCREAM~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Acoustica CD Label Maker\CDLabel.exe
C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 1.6\TMPGEncDVDAuthor16.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ScreamerClauz\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [pjhdc66e] RUNDLL32.EXE wcceeb03.dll,n 001dc66d00000003cceeb03
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Crmt] "C:\DOCUME~1\SCREAM~1\MYDOCU~1\YSTEM~1\dexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [zokr] C:\PROGRA~1\COMMON~1\zokr\zokrm.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


and here is the uninstall list you asked for:

2.1.0.0
42 Bit Scanner
Acoustica CD/DVD Label Maker
Ad-Aware SE Professional
Adobe After Effects 7.0
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 1.0
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AOL Instant Messenger
Auto Gordian Knot 2.27
Avid Liquid 7.00
AviSynth 2.5
Azureus
CCleaner (remove only)
Cowabanga by OIN
Creative Audio Console
Creative System Information
DC++ 0.691
DiscAPI
DivX
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-lab PRO 1.53
eMule Plus 1.2
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
ewido anti-spyware 4.0
Final Draft 7
FL Studio 6
FlashFXP v3.0 (Build 1022)
Google Earth
Google Toolbar for Internet Explorer
Gordian Knot Rip Pack 0.35.0
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
hp deskjet 9600 series
Intel® PRO Network Connections Software v10.0.26.0
Intel® PROSafe for Wired Connections
Intel® PROSafe for Wired Connections
IpWins
J2SE Runtime Environment 5.0 Update 7
K-Lite Codec Pack 2.72 Full
Lame ACM MP3 Codec
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magic Bullet Editors Premiere
Microsoft Office XP Professional with FrontPage
mIRC
Mozilla Firefox (1.5)
MSN
Native Instruments Absynth 3
Native Instruments FM7
Native Instruments GuitarRig2 RTAS VSTi DXi
Nero 7 Ultra Edition
NetLimiter 1.30 (remove only)
NVIDIA Drivers
PC Probe II
Pinnacle Hollywood FX for Edition
PowerDVD
PowerISO
QuickTime
RAPID
RealPlayer
Realtek High Definition Audio Driver
Riva FLV Encoder 2.0
SmartSound Quicktracks Plugin
Sonic RecordNow! Deluxe
SoulSeek Client 156c
Sound Blaster X-Fi
Spybot - Search & Destroy 1.4
Starcraft
Text To PDF v2.1.0
TitleDeko
TMPGEnc DVD Author 1.6
TMPGEnc Plus 2.5
TMPGEnc Sound Player
ToolBar888
Turbo Lister 2
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Zero-G Altered States
Zero-G Outer Limits

Thanks for your help!

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 25 July 2006 - 06:15 PM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Cowabanga by OIN
IpWins
ToolBar888
Viewpoint Manager (Remove Only)
Viewpoint Media Player



Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe


Reboot once more and post a new hijackthis log.

#5 drfaustmd

drfaustmd
  • Topic Starter


Posted 25 July 2006 - 11:56 PM

Hmm, it's still making the same sounds (sounds like a pop-up beep and then no pop-up comes...) and I get this error when I boot up:
RUNDLL

Error loading wcceeb03.dll

The specified Module Could not be found

Here's a new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:05 AM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ScreamerClauz\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [pjhdc66e] RUNDLL32.EXE wcceeb03.dll,n 001dc66d00000003cceeb03
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [zokr] C:\PROGRA~1\COMMON~1\zokr\zokrm.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe





and uninstall list:



2.1.0.0
42 Bit Scanner
Acoustica CD/DVD Label Maker
Ad-Aware SE Professional
Adobe After Effects 7.0
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 1.0
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AOL Instant Messenger
Auto Gordian Knot 2.27
Avid Liquid 7.00
AviSynth 2.5
Azureus
CCleaner (remove only)
Creative Audio Console
Creative System Information
DC++ 0.691
DiscAPI
DivX
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-lab PRO 1.53
eMule Plus 1.2
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
ewido anti-spyware 4.0
Final Draft 7
FL Studio 6
FlashFXP v3.0 (Build 1022)
Google Earth
Google Toolbar for Internet Explorer
Gordian Knot Rip Pack 0.35.0
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
hp deskjet 9600 series
Intel® PRO Network Connections Software v10.0.26.0
Intel® PROSafe for Wired Connections
Intel® PROSafe for Wired Connections
J2SE Runtime Environment 5.0 Update 7
K-Lite Codec Pack 2.72 Full
Lame ACM MP3 Codec
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magic Bullet Editors Premiere
Microsoft Office XP Professional with FrontPage
mIRC
Mozilla Firefox (1.5)
MSN
Native Instruments Absynth 3
Native Instruments FM7
Native Instruments GuitarRig2 RTAS VSTi DXi
Nero 7 Ultra Edition
NetLimiter 1.30 (remove only)
NVIDIA Drivers
PC Probe II
Pinnacle Hollywood FX for Edition
PowerDVD
PowerISO
QuickTime
RAPID
RealPlayer
Realtek High Definition Audio Driver
Riva FLV Encoder 2.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SmartSound Quicktracks Plugin
Sonic RecordNow! Deluxe
SoulSeek Client 156c
Sound Blaster X-Fi
Spybot - Search & Destroy 1.4
Starcraft
Text To PDF v2.1.0
TitleDeko
TMPGEnc DVD Author 1.6
TMPGEnc Plus 2.5
TMPGEnc Sound Player
Turbo Lister 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Zero-G Altered States
Zero-G Outer Limits

Any ideas? Thanks again for all your help so far!!!

#6 Buckeye_Sam


    Malware Expert



Posted 26 July 2006 - 03:31 PM

Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pjhdc66e] RUNDLL32.EXE wcceeb03.dll,n 001dc66d00000003cceeb03
O4 - HKCU\..\Run: [zokr] C:\PROGRA~1\COMMON~1\zokr\zokrm.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O18 - Filter: text/html - (no CLSID) - (no file)



Delete this file.

C:\WINDOWS\ALCMTR.EXE


Delete this folder.

C:\PROGRAM FILES\COMMON FILES\zokr


==============


Run a scan with Ewido.
  • Open up Ewido.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

Edited by Buckeye_Sam, 26 July 2006 - 03:33 PM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
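One way to confirm from a follow-up log that the entries on the fix list above are gone, and to see what else changed between two scans. This is an added example, not part of the original posts: the function names are assumptions, the fix list is copied from the post above, and the two log excerpts are the O16/O18 lines of the logs in this thread.

```python
import re

# HijackThis 1.99.1 starts each finding with a section code (R0, F2, O4,
# O16, O23, ...) followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# The seven lines the helper asked to have fixed, copied from the post.
# The "..." inside the URL is the forum's own truncation.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pjhdc66e] RUNDLL32.EXE wcceeb03.dll,n 001dc66d00000003cceeb03
O4 - HKCU\..\Run: [zokr] C:\PROGRA~1\COMMON~1\zokr\zokrm.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Excerpt (O16/O18 lines only) of the log posted before the fix.
BEFORE_LOG = r"""
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Excerpt (O16/O18 lines only) of the follow-up log posted after the fix.
AFTER_LOG = r"""
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""


def parse_entries(log_text):
    """Map (section, folded entry text) -> original line for each finding.

    Header lines and the "Running processes" list do not match the
    section-code pattern and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            section, body = match.groups()
            # Windows paths and registry names are case-insensitive and
            # pasted logs can pick up extra spaces, so compare a folded form.
            key = (section, " ".join(body.split()).lower())
            entries.setdefault(key, line)
    return entries


def remaining_after_fix(fix_list, later_log):
    """Lines of later_log that match an entry on the fix list."""
    flagged = parse_entries(fix_list)
    later = parse_entries(later_log)
    return [later[key] for key in sorted(flagged.keys() & later.keys())]


def diff_logs(earlier_log, later_log):
    """Return (removed, added) findings between two scans."""
    earlier = parse_entries(earlier_log)
    later = parse_entries(later_log)
    removed = [earlier[key] for key in sorted(earlier.keys() - later.keys())]
    added = [later[key] for key in sorted(later.keys() - earlier.keys())]
    return removed, added


if __name__ == "__main__":
    print("Still present after fix:", remaining_after_fix(FIX_LIST, AFTER_LOG))
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
```

On these excerpts the two flagged O16/O18 entries no longer appear, and the only new finding is the Kaspersky web scanner control, which still has to be judged by a person rather than by the diff.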

#7 drfaustmd


Posted 26 July 2006 - 10:41 PM

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:00 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ScreamerClauz\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150250057765
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:56:13 PM 7/26/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
G:\234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : No action taken.
L:\Installs\234 PhotoShop Plugins\234 PhotoShop Plugins.rar/234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : No action taken.
L:\Installs\234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[11].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[12].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[13].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0HOJCVWB\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\0LMR4HIJ\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\3JXBFPWK\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6B2VM9AR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6B2VM9AR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6B2VM9AR\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6B2VM9AR\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6L7W1WJA\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\6T9QFIPS\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8DMNWTIF\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[11].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\8X2J0LYR\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\C967KLMR\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CP2Z4PAF\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CP2Z4PAF\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CP2Z4PAF\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CP2Z4PAF\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\CZDV2AZP\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D1MTKJNW\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\D7FV51S6\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\EHDARQ5O\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\EHDARQ5O\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\EHDARQ5O\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GDA30HYR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GDA30HYR\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GHQ34LA3\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GHQ34LA3\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GHQ34LA3\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\GHQ34LA3\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\KND3227T\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\KND3227T\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\KND3227T\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\LR77H98E\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\MP5QRULK\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\MP5QRULK\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\N2WZJXSX\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NQSN3POL\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NW8PNFJ7\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NW8PNFJ7\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NW8PNFJ7\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\NW8PNFJ7\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\OPUF09UB\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\P1AP5KE3\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\P1AP5KE3\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\P1AP5KE3\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[10].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[11].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[6].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[7].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[8].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\QP0FALI5\popup[9].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\S7BFUC9H\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\S7BFUC9H\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\S7BFUC9H\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\S7BFUC9H\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\SPMNGHAV\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\SPMNGHAV\popup[2].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\SPMNGHAV\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\SPMNGHAV\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\VEK7RDG9\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\VEK7RDG9\popup[3].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\VEK7RDG9\popup[4].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Local Settings\Temporary Internet Files\Content.IE5\VEK7RDG9\popup[5].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.45:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.46:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.47:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.48:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.51:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@www.adtrak[1].txt -> TrackingCookie.Adtrak : No action taken.
:mozilla.41:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.42:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.44:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.64:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.65:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.66:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.36:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.37:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.38:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.32:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@e-2dj6wjnyghczgeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.55:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.56:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-411web.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-minglematch.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ehg-ypcorp.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@counter.hitslink[1].txt -> TrackingCookie.Hitslink : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@linksynergy[1].txt -> TrackingCookie.Linksynergy : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@qksrv[2].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@targetnet[2].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.52:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.53:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.54:C:\Documents and Settings\ScreamerClauz\Application Data\Mozilla\Firefox\Profiles\whurg25c.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@reduxads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\ScreamerClauz\Cookies\screamerclauz@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end


Still making the sounds and the popups :thumbsup: less frequently though.....

#8 Buckeye_Sam

    Malware Expert



Posted 27 July 2006 - 06:27 PM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


===============



Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

#9 drfaustmd

  • Topic Starter


Posted 27 July 2006 - 11:26 PM

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{80667550-0D54-1033-0331-060406040001}" = ""C:\Program Files\Common Files\{80667550-0D54-1033-0331-060406040001}\Update.exe" mc-110-12-0000103" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"RCSystem" = ""C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup" ["Creative Technology Ltd."]
"AudioDrvEmulator" = ""C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"itype" = ""C:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]
"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\\PSDrvCheck.exe" [empty string]
"EPSON Stylus Photo R200 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"" ["SEIKO EPSON CORPORATION"]
"HPWITOOLBOX" = "C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"" ["Hewlett-Packard Company"]
"NetLimiter" = "C:\Program Files\NetLimiter\NetLimiter.exe /s" ["LockTime"]
"EPSON Stylus Photo R220 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"" ["SEIKO EPSON CORPORATION"]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
-> {HKLM...CLSID} = "Liquid.Project"
\InProcServer32\(Default) = "C:\Program Files\Avid\Avid Liquid 7\Program\BlueShellExt.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Deluxe\shlext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\Common Files\hoxy.html"
"SubscribedURL" = ""


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "ScreamerClauz" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\ScreamerClauz\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus Photo R220 Series 2KMonitor5A\Driver = "E_FLMAIA.DLL" ["SEIKO EPSON CORPORATION"]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
HPZLNT09\Driver = "hpzlnt09.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 294 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 326 seconds)


I noticed something: whenever I reset the computer my wallpaper is gone and it says "click here to restore active desktop" and I start getting popups or hearing the popup sounds until I restore it...

#10 Buckeye_Sam

Malware Expert

Posted 28 July 2006 - 05:43 PM

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

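REGEDIT4

; Delete this value from the per-user Policies\Explorer\Run autostart key.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"{80667550-0D54-1033-0331-060406040001}"=-

; Delete the "Source" value of Active Desktop component 0.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=-

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.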


===============


Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
  • Make sure "Hide extensions for known file types" is unchecked
  • Make sure "Hide protected operating system files (recommended)" is unchecked
  • For more info on how to show hidden files click here.

Delete this file:

C:\Program Files\Common Files\hoxy.html


==============


Reboot and post a new hijackthis log.
Let me know of any problems that you are still having.

Edited by Buckeye_Sam, 28 July 2006 - 05:43 PM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
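A pre-merge review of a fix file like the one posted above, as an added example that is not part of the original post: it lists what each line of a .reg file will do and flags the format problems the post warns about (the header must be the first line). The function name `review_reg` and the embedded sample (the thread's fix written with full root key names, which the regedit import format expects) are assumptions of this example.

```python
import re
# Root keys as a .reg file must spell them; abbreviations such as HKCU are flagged.
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def review_reg(text):
    """Return (operations, problems) for the text of a .reg file."""
    ops, problems = [], []
    lines = text.splitlines()
    if not lines or lines[0].lstrip("\ufeff").rstrip() not in HEADERS:
        problems.append("line 1 is not a .reg header")
    key, cont = None, False
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if cont:  # continuation of a multi-line hex value
            cont = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            key = body.lstrip("-")
            if key.split("\\", 1)[0].upper() not in ROOTS:
                problems.append(f"line {n}: unknown root key in {key}")
            if body.startswith("-"):  # [-KEY] removes the whole key
                ops.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            problems.append(f"line {n}: not a key or value line: {line}")
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete-value" if m.group(2) == "-" else "set-value"
        ops.append((action, key, name))
        cont = line.endswith("\\")
    return ops, problems

# Constructed sample: the fix from this thread, written with full root key names.
SAMPLE = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"{80667550-0D54-1033-0331-060406040001}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=-
"""
if __name__ == "__main__":
    print(*review_reg(SAMPLE)[0], sep="\n")
```

For the sample, the review reports two `delete-value` operations and no problems; a file with a blank first line or an abbreviated root key is reported in the problems list instead.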

#11 Buckeye_Sam

Malware Expert

Posted 16 August 2006 - 06:35 PM

This topic has been closed due to a lack of response. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.