
Hijackthis


2 replies to this topic

#1 mamas


Posted 26 July 2006 - 07:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:31:51 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syastem32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1130995070\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\n9nyb.exe
C:\dfndref_7.exe
C:\WINDOWS\system32\ghynf.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\uWDF.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\rgohi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ccvlsxj.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130995070\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmef_7.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\DOCUME~1\Melinda\LOCALS~1\TEMPOR~1\Content.SH!
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\WfaLogon.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\stgen.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by mamas, 26 July 2006 - 09:33 PM.




#2 mamas


Posted 26 July 2006 - 09:39 PM

I scanned with Panda ActiveScan. This is what I got:


Incident Status Location

Adware:Adware/DollarRevenue Not disinfected c:\\kybrdef_7.exe
Adware:Adware/DollarRevenue Not disinfected c:\\dfndref_7.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\SurfSideKick 3\SskCore.dll
Virus:Trj/Downloader.JQF Disinfected Operating system
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\system32\dmonwv.dll
Adware:Adware/DollarRevenue Not disinfected C:\dfndref_7.exe
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\hewdybu.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\SurfSideKick 3\SskBho.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\stgen.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\system32\WfaLogon.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\repairs303169590.dll
Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Melinda\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat
Adware:adware/consumeralertsystem Not disinfected c:\program files\System Files
Adware:adware/look2me Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lorinda\Application Data\Mozilla\Firefox\Profiles\m0losipt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\lorinda\Application Data\Mozilla\Firefox\Profiles\m0losipt.default\cookies.txt[.atwola.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@888[1].txt
Spyware:Cookie/adstat Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@ad.stat.4u[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@belnk[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@c.enhance[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@c.fsx[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@c.goclick[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@cgi-bin[5].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@com[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@fastclick[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@fortunecity[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@go[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@hotlog[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@i.screensavers[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@kmpads[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@microsofteup.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@revenue[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@serving-sys[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@spylog[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@statcounter[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@valueclick[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@weborama[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@yadro[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\lorinda\Cookies\lorinda@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@as-us.falkag[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@cgi-bin[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@dist.belnk[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@maxserving[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@revenue[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\lorinda\Local Settings\Temp\Cookies\lorinda@zedo[1].txt

#3 jurgenv


Posted 27 July 2006 - 09:31 AM

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

5. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
  • Boot back into normal mode

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Greets Jürgenv
