
How Do I Get Rid Of Eprotect Page?


16 replies to this topic

#1 zipper


Posted 17 November 2006 - 04:56 PM

I followed all the instructions in getting rid of the Virusburst virus as best I could. Now I have a couple of other problems. One is the same as reported by Srk Fan22 recently with the eprotect page showing up instead of my homepage. The other is that my background has disappeared. I keep getting the message "///C:/windows/desktop.html path not found". Yes, the path name comes up exactly like that.
I very much appreciate any help you can give me.
Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:37:19 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Perfect Codec\isamonitor.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Perfect Codec\isamini.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sp0t1gq1.slt\prefs.js)
O1 - Hosts: com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {11795cfe-766f-4a65-b815-60468819b248} - C:\WINDOWS\system32\visrolt.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll
O2 - BHO: - {40e6b956-0764-4b75-a893-39db05d923eb} - C:\WINDOWS\system32\jgr.dll
O2 - BHO: - {43f09624-b39a-483d-9727-a2da5ed8304c} - C:\WINDOWS\system32\jgohqj.dll
O2 - BHO: - {597bb98d-ec9f-4ff0-bd82-e163e68b3f4e} - C:\WINDOWS\system32\pkypt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: - {6d84a4c5-8a38-4f99-99de-23c0ceadf633} - C:\WINDOWS\system32\nek.dll
O2 - BHO: - {74440ad9-5b1d-4610-bb9e-687bf7815e31} - C:\WINDOWS\system32\phlvxx.dll
O2 - BHO: - {81d9ef64-5a40-451b-ad3d-785eebdcfe37} - C:\WINDOWS\system32\jgmjgjgd.dll
O2 - BHO: - {8a263d9c-08cb-4861-a775-48585db2ad98} - C:\WINDOWS\system32\phxphb.dll
O2 - BHO: - {95e50323-f2ee-4fcb-9141-abbe6ba6df39} - C:\WINDOWS\system32\jgpvivll.dll
O2 - BHO: - {9bffec9c-7e03-41f2-9684-16ed50adab02} - C:\WINDOWS\system32\phhj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: - {aa6b1184-6103-4523-bf5a-25e2545d864c} - C:\WINDOWS\system32\jgmjgj.dll
O2 - BHO: - {ae6d465b-d6d2-4086-92f8-e6b61a893973} - C:\WINDOWS\system32\dfvfp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: - {c4898bec-d815-466c-ab37-70c5420525b0} - C:\WINDOWS\system32\zeo.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: - {e77a9bc7-4acd-4170-bd0e-3644581e6740} - C:\WINDOWS\system32\fs.dll
O2 - BHO: - {eb2f542f-d9e2-483c-a7b5-bf1ef9fb66a9} - C:\WINDOWS\system32\b.dll
O2 - BHO: - {f17a0cfc-dc06-4c93-b0fb-1642b395589a} - C:\WINDOWS\system32\jgmj.dll
O2 - BHO: - {f86b2e14-e467-4645-8100-58b1ee853be5} - C:\WINDOWS\system32\jgmjgjg.dll
O2 - BHO: - {fbb35105-b57c-48f4-ba3c-e74a4c07ea67} - C:\WINDOWS\system32\phi.dll
O2 - BHO: - {fd3d12a7-58da-4f36-8e63-172f6a7752e1} - C:\WINDOWS\system32\phz.dll
O2 - BHO: - {fe707664-9527-4f85-8154-49decc324c5d} - C:\WINDOWS\system32\jgqviv.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [mmsys] C:\recover.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Adult - http://listdating.com/se/se10.htm
O8 - Extra context menu item: Business - http://listdating.com/se/se5.htm
O8 - Extra context menu item: Car Insurance - http://listdating.com/se/se3.htm
O8 - Extra context menu item: Escorts - http://listdating.com/se/se9.htm
O8 - Extra context menu item: Finance - http://listdating.com/se/se6.htm
O8 - Extra context menu item: Games - http://listdating.com/se/se12.htm
O8 - Extra context menu item: Health Insurance - http://listdating.com/se/se4.htm
O8 - Extra context menu item: Loans - http://listdating.com/se/se7.htm
O8 - Extra context menu item: Online Casino - http://listdating.com/se/se2.htm
O8 - Extra context menu item: Porn - http://listdating.com/se/se11.htm
O8 - Extra context menu item: Sport Betting - http://listdating.com/se/se1.htm
O8 - Extra context menu item: Viagra - http://listdating.com/se/se8.htm
O8 - Extra context menu item: >> DATING >> - http://listdating.com/dt.htm
O8 - Extra context menu item: >> SEARCH >> - http://listdating.com/se.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2D1FCAD0-D02A-409E-951E-ADE0DD000C92} (GoActive Control) - http://ad.linkswiz.com/setup/StartPageKnet.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16092d6015ae65...tzip/RdxIE6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093405130312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...52c671382f44be0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O19 - User stylesheet: c:\windows\my.css (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Address Book 6.0 for Windows - {35E34195-66EC-769F-F737-4E148DBD6B07} - c:\progra~1\parson~1\addres~1\6.0\wingigxy6.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 waterfalls


Posted 17 November 2006 - 06:09 PM

Hi,

Your system is badly infected, so let's start trying to clean this up. You will need to print these instructions because you will be working in Safe Mode without an Internet connection.

Please download VundoFix.exe and save it to your Desktop.
- Double-click VundoFix.exe to run it
- Click the Scan for Vundo button
- Once it is done scanning, click the Remove Vundo button
- You will receive a prompt asking if you want to remove the files
- Click YES
- Once you click YES, your Desktop will go blank as it starts removing Vundo
- When completed, it will prompt that it will reboot your computer
- Click OK

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, so simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Once VundoFix has completed scanning, please do not run it again.
If you run it more than one time, you will overwrite the original log generated when it was run the first time.
______________________________________________________________

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Do NOT run it yet.
______________________________

Download and install Superantispyware
1. During the installation process, the program will prompt you to download any updates, click Yes
2. After the update process has completed, a dialog box will state: Database definitions have been updated, click OK
3. At the SUPERAntiSpyware Main Menu, click the Preferences button,
4. Click the General and Startup tab, under Start-Up Options, uncheck these two boxes: Start SUPERAntiSpyware when Windows starts and Show SUPERAntiSpyware icon in system tray
5. Click the Hi-Jack Protection tab and, under Home Page Protection, uncheck these two boxes: Display notification when home page changed and Protect home page from being changed. Changes can be made only here.
6. Click Close at the bottom of the page.
Do NOT run it yet.
__________________________________________________________

Reboot into SAFE MODE.
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Close ALL browsers and open windows / programs.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and OK.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders.
Open the SUPERAntiSpyware program.
1. At the SUPERAntiSpyware Main Menu, under Scan for Harmful Software, click the Scan your Computer button, and the SUPERAntiSpyware Scanner menu will appear.
2. Make sure under Scan Location that your correct hard drive letter is checked. The correct hard drive letter should automatically be checked by default.
3. Under Complete Scan, click Perform Complete Scan.
4. At the bottom, click Next, to start the scan.
NOTE: This scan is very thorough. It will take a while to complete depending on the number of files and folders on the hard drive. Please be patient.
5. Click finish and you will be taken back to the main interface.
6. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
7. Copy and paste the log into your reply.

Reboot into Normal Mode.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post back with:
- the C:\vundofix.txt
- the C:\rapport.txt
- the Superantispyware log
- and a new HijackThis log.
Take only memories, leave nothing but footprints.
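
Added example (not part of waterfalls' reply, and not code from HijackThis or any tool named above): a small Python triage pass over a few lines copied from the HijackThis log in post #1, showing the kinds of entries that stand out in it. The rule names and the heuristics behind them are assumptions of this example; a line with no finding is not thereby clean.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {11795cfe-766f-4a65-b815-60468819b248} - C:\WINDOWS\system32\visrolt.dll
O2 - BHO: - {40e6b956-0764-4b75-a893-39db05d923eb} - C:\WINDOWS\system32\jgr.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: *.asdbiz.biz
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)
"""

# "O2 - BHO: <name or empty> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?)\s*- (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
MISSING = "(file missing)"
SYSTEM32 = r"c:\windows\system32"


def check_line(line):
    """Return the list of heuristic findings (hypothetical rule names) for one log line."""
    findings = []

    # Orphaned entry: the registry still points at a file that is gone.
    if line.endswith(MISSING):
        findings.append("file-missing")
        line = line[: -len(MISSING)].rstrip()

    if line.startswith("F2 - REG:system.ini: Shell="):
        # The stock Windows XP shell value is just Explorer.exe; anything
        # appended to it is started at every logon.
        shell = line.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            findings.append("shell-override")
    elif line.startswith("F2 - REG:system.ini: UserInit="):
        # Comma-separated list; every item should be userinit.exe.
        value = line.split("UserInit=", 1)[1]
        items = [p.strip() for p in value.split(",") if p.strip()]
        if any(ntpath.basename(p).lower() != "userinit.exe" for p in items):
            findings.append("userinit-override")
    elif line.startswith("O15 - Trusted Zone:"):
        # Sites added to the IE Trusted Zone get relaxed security settings.
        findings.append("trusted-zone")
    else:
        m = BHO_RE.match(line)
        if m:
            # Heuristic: a browser helper object with no display name whose
            # DLL sits directly in system32 deserves a closer look.
            unnamed = m["name"] in ("", "(no name)")
            in_sys32 = ntpath.dirname(m["path"]).lower() == SYSTEM32
            if unnamed and in_sys32:
                findings.append("unnamed-system32-bho")
    return findings


def triage(log_text):
    """Return (finding, line) pairs for every flagged line in the log."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for reason in check_line(line):
            results.append((reason, line))
    return results


def summarise(log_text):
    """Count findings per rule, to show where the log is noisiest."""
    return Counter(reason for reason, _ in triage(log_text))


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```
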


#3 zipper


Posted 18 November 2006 - 12:00 PM

It worked! Thanks. :thumbsup: and thanks for your quick response. :flowers:
I still have the problem with the white background. Every time it goes to my desktop I get the message:
cannot find file: ///C:WINDOWS/desktop.html

You wanted me to post back with these files:
C:\vundofix.txt
Beginning removal...

VundoFix V6.2.8

Checking Java version...

Java version is 1.4.2.4

Java version is 1.5.0.4

Scan started at 10:21:52 PM 11/17/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...




C:\rapport.txt
SmitFraudFix v2.122

Scan done at 23:06:18.25, Fri 11/17/2006
Run from C:\Documents and Settings\Owner\Desktop\Virus Fix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\system32\efsdfgxg.exe Deleted
C:\Program Files\Perfect Codec\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


the Superantispyware log: I think this is the file?
2006/06/05-23:59:19.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/06-08:14:06.484 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/06-08:14:43.906 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/07-00:34:54.343 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/07-00:35:27.984 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/07-23:58:38.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/07-23:59:18.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/08-23:33:21.968 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/08-23:34:00.015 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/09-23:48:46.437 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/09-23:49:28.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/10-08:00:23.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/10-08:01:25.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/11-00:24:29.245 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/11-00:25:02.933 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/12-00:41:51.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/12-00:43:01.515 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/13-00:24:17.703 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/13-00:25:07.265 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/13-23:49:40.312 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/13-23:50:38.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/14-20:10:08.218 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/14-20:11:02.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/14-22:48:16.781 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/14-22:49:07.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/17-01:13:36.765 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/17-01:14:20.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/18-01:00:04.158 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/18-01:00:59.689 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/19-00:27:37.718 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/19-00:28:18.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/19-23:48:59.562 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/19-23:49:43.187 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/21-00:06:16.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/21-00:07:03.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/21-23:42:35.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/21-23:43:08.484 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/24-01:25:49.921 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/24-01:26:35.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/24-23:40:30.818 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/24-23:41:04.178 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/25-02:05:37.703 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/25-02:06:06.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/26-00:12:36.015 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/26-00:13:10.609 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/26-23:09:40.562 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/26-23:10:10.937 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/27-12:08:57.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/27-23:53:37.171 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/27-23:54:35.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/29-00:08:27.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/29-00:09:09.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/29-14:25:11.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/29-14:25:52.781 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/30-00:39:15.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/06/30-00:40:18.156 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/01-00:32:46.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/01-00:33:42.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/01-23:48:19.185 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/01-23:49:11.060 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/02-23:13:52.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/02-23:14:27.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/03-23:53:14.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/03-23:53:42.812 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/05-01:36:20.359 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/05-01:36:52.156 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/05-04:50:50.234 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/05-04:51:23.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/06-00:48:32.062 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/06-00:49:41.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/06-23:23:57.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/06-23:25:06.187 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/07-23:12:57.187 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/07-23:14:02.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/08-23:39:01.618 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/08-23:39:40.665 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-00:12:30.796 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-00:13:02.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-18:20:56.609 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-18:21:27.906 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-23:19:15.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-23:19:47.968 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-23:40:07.250 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/10-23:40:35.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/11-20:09:02.875 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/11-20:09:33.515 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/12-00:03:59.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/12-00:04:26.156 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/12-00:47:38.593 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/12-00:48:08.921 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/13-00:14:37.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/13-00:15:10.984 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/14-00:13:41.015 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/14-00:14:11.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/14-23:57:48.000 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/14-23:58:53.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/16-00:19:40.052 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/16-00:20:14.896 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/17-00:47:10.125 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/17-00:47:45.750 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/18-01:29:06.125 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/18-01:29:40.828 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/18-23:26:31.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/18-23:27:02.984 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/19-23:40:06.468 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/19-23:40:49.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/19-23:51:21.328 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/19-23:51:50.437 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/20-23:40:16.562 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/20-23:40:53.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/21-21:51:28.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/21-21:52:17.046 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/21-23:52:15.312 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/21-23:52:45.593 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/23-01:15:50.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/23-01:16:29.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/24-00:01:02.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/24-00:01:40.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/25-11:39:59.359 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/26-04:01:31.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/26-04:02:19.703 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/26-23:20:01.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/26-23:20:52.218 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/28-00:01:27.250 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/28-00:02:11.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/29-01:30:24.578 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/29-01:31:14.812 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/29-11:51:15.187 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/29-11:51:46.015 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/30-01:26:32.794 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/30-01:27:02.969 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/31-00:49:56.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/07/31-00:50:36.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/01-00:50:50.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/01-00:51:30.015 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/02-00:25:32.984 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/02-00:26:06.750 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/02-00:33:17.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/02-00:33:45.875 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/03-00:02:06.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/03-00:02:47.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-00:52:08.312 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-00:52:48.812 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-21:40:38.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-21:41:32.484 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-23:46:52.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/04-23:47:23.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/05-11:54:51.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/05-11:55:45.750 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/06-00:22:57.588 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/06-00:23:36.335 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/07-00:29:31.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/07-00:30:15.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-01:11:07.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-01:11:55.546 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-09:31:28.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-09:31:55.921 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-20:06:09.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/08-20:06:51.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-00:58:11.546 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-00:58:42.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-09:18:29.781 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-09:19:06.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-23:24:22.531 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/09-23:25:10.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/11-00:07:26.406 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/11-00:08:14.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/12-00:48:13.171 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/12-00:48:54.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/13-01:05:05.905 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/13-01:05:45.311 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/14-00:28:05.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/14-00:28:55.765 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/14-00:34:55.468 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/14-00:35:22.140 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/15-00:21:45.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/15-00:22:48.171 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/15-14:15:02.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/15-14:15:45.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/16-00:03:45.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/16-00:08:21.796 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/16-23:49:48.250 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/16-23:50:32.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/17-23:41:26.359 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/17-23:42:09.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/19-00:17:48.984 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/19-00:18:46.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/20-00:06:43.810 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/20-00:07:31.044 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/21-00:23:54.562 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/21-00:24:27.000 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/22-00:33:52.718 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/22-00:34:34.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/23-00:21:43.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/23-00:22:30.609 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/24-00:05:34.890 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/24-00:06:43.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/24-23:51:35.312 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/24-23:52:22.046 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/26-00:57:22.234 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/26-00:58:01.796 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/27-00:59:27.183 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/27-01:00:03.042 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/28-00:03:20.265 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/28-00:03:48.875 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/28-23:27:25.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/28-23:28:00.140 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/29-17:42:00.234 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/29-17:42:36.546 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/30-00:54:12.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/30-00:54:50.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/31-01:00:47.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/31-01:02:30.218 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/31-23:56:19.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/08/31-23:57:41.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/02-00:50:30.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/02-00:51:15.812 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/03-01:18:41.143 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/03-01:19:13.314 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/04-00:08:50.218 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/04-00:09:34.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/05-00:09:57.765 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/05-00:10:39.125 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/06-00:26:59.703 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/06-00:27:45.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/06-23:23:14.062 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/06-23:23:42.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/08-00:58:33.515 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/08-00:59:12.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/09-01:15:07.406 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/09-01:15:51.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/10-00:38:05.521 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/10-00:38:54.036 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/11-00:20:10.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/11-00:20:44.343 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/12-00:12:57.765 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/12-00:13:43.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/12-23:32:36.218 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/12-23:33:08.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/13-20:08:16.515 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/13-20:09:00.437 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/14-00:39:37.546 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/14-00:40:11.000 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/15-00:15:47.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/15-00:16:21.828 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/16-00:41:05.625 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/16-00:41:56.062 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/17-01:20:12.011 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/17-01:20:47.776 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/18-00:30:07.875 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/18-00:30:41.046 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/18-23:54:56.187 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/18-23:55:31.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/20-01:00:43.515 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/20-01:01:36.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/20-08:53:30.171 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/20-08:54:01.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/21-00:27:57.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/21-00:28:30.859 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/22-00:54:40.578 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/22-00:55:18.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/23-00:06:03.031 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/23-00:06:55.250 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/23-09:01:40.375 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/23-09:02:14.140 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/24-00:05:45.161 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/24-00:06:44.364 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/25-00:05:52.890 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/25-00:06:24.328 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/26-00:08:22.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/26-00:09:02.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/27-00:09:46.062 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/27-00:10:28.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/28-00:03:26.968 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/28-00:04:02.359 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/29-00:24:59.421 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/29-00:25:41.250 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/30-00:17:42.765 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/09/30-00:18:35.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/01-00:52:20.954 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/01-00:53:09.626 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/02-00:39:36.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/02-00:40:14.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/03-00:10:39.906 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/03-00:11:19.468 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/04-01:07:17.609 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/04-01:07:54.234 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/05-00:20:19.562 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/05-00:20:54.875 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/06-00:10:14.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/06-00:10:53.781 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/07-00:38:48.484 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/07-00:39:49.593 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/07-23:13:01.953 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/07-23:13:38.640 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/08-23:42:45.358 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/08-23:43:23.358 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/09-23:59:28.828 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/10-00:00:02.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/11-00:24:42.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/11-00:25:38.078 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/12-00:46:07.828 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/12-00:46:55.000 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/13-00:43:29.703 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/13-00:44:10.203 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/14-00:39:51.234 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/14-00:43:52.843 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/15-00:33:50.390 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/15-00:34:41.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/16-00:31:27.125 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/16-00:32:07.453 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/17-00:31:31.281 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/17-00:32:16.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/18-00:54:53.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/18-00:55:44.140 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/19-00:59:16.918 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/19-00:59:57.418 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/19-23:28:55.171 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/19-23:29:29.531 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/20-22:43:17.734 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/20-22:44:39.296 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/23-01:30:18.656 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/23-01:31:04.140 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/24-00:36:51.328 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/24-00:37:34.593 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/25-01:00:46.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/25-01:02:25.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/26-01:08:43.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/26-01:09:24.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/26-23:30:04.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/26-23:30:40.546 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/27-22:39:33.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/27-22:40:32.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-10:25:17.500 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-12:13:56.937 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-12:14:47.890 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-16:08:51.109 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-16:09:24.531 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-23:34:31.859 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/28-23:35:15.468 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/29-13:42:54.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/29-15:29:09.671 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/29-22:10:47.937 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/29-22:11:37.859 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/30-22:51:08.328 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/30-22:51:48.687 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/31-23:09:15.312 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/10/31-23:09:54.921 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/11/01-23:15:12.093 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/11/01-23:16:08.000 ComClient LcsGetClientIdRunnable() exception=2147943453

A new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:54:46 AM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sp0t1gq1.slt\prefs.js)
O1 - Hosts: com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [mmsys] C:\recover.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Adult - http://listdating.com/se/se10.htm
O8 - Extra context menu item: Business - http://listdating.com/se/se5.htm
O8 - Extra context menu item: Car Insurance - http://listdating.com/se/se3.htm
O8 - Extra context menu item: Escorts - http://listdating.com/se/se9.htm
O8 - Extra context menu item: Finance - http://listdating.com/se/se6.htm
O8 - Extra context menu item: Games - http://listdating.com/se/se12.htm
O8 - Extra context menu item: Health Insurance - http://listdating.com/se/se4.htm
O8 - Extra context menu item: Loans - http://listdating.com/se/se7.htm
O8 - Extra context menu item: Online Casino - http://listdating.com/se/se2.htm
O8 - Extra context menu item: Porn - http://listdating.com/se/se11.htm
O8 - Extra context menu item: Sport Betting - http://listdating.com/se/se1.htm
O8 - Extra context menu item: Viagra - http://listdating.com/se/se8.htm
O8 - Extra context menu item: >> DATING >> - http://listdating.com/dt.htm
O8 - Extra context menu item: >> SEARCH >> - http://listdating.com/se.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2D1FCAD0-D02A-409E-951E-ADE0DD000C92} (GoActive Control) - http://ad.linkswiz.com/setup/StartPageKnet.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16092d6015ae65...tzip/RdxIE6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093405130312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...52c671382f44be0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O19 - User stylesheet: c:\windows\my.css (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Address Book 6.0 for Windows - {35E34195-66EC-769F-F737-4E148DBD6B07} - c:\progra~1\parson~1\addres~1\6.0\wingigxy6.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.ex

#4 waterfalls

Posted 18 November 2006 - 12:49 PM

I've never seen that generated by Superantispyware.

The log can be found by doing the following:
- Open Superantispyware
- Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear. Copy/paste that log in your next reply.

If it's the same as what you posted here, we'll have to use another scanner because there's still work to do to clean your system.
Take only memories, leave nothing but footprints.


#5 zipper

Posted 18 November 2006 - 04:07 PM

You never saw that before because I posted the wrong log. (Sorry about that.) Here's the right one.

SUPERAntiSpyware Scan Log
Generated 11/18/2006 at 01:02 AM

Application Version : 3.3.1020

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 01:13:32

Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 8595
Registry threats detected : 191
File items scanned : 59727
File threats detected : 35

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11795cfe-766f-4a65-b815-60468819b248}
HKCR\CLSID\{11795CFE-766F-4A65-B815-60468819B248}
HKCR\CLSID\{11795CFE-766F-4A65-B815-60468819B248}\InProcServer32
HKCR\CLSID\{11795CFE-766F-4A65-B815-60468819B248}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VISROLT.DLL
HKLM\Software\Classes\CLSID\{40e6b956-0764-4b75-a893-39db05d923eb}
HKCR\CLSID\{40E6B956-0764-4B75-A893-39DB05D923EB}
HKCR\CLSID\{40E6B956-0764-4B75-A893-39DB05D923EB}\InProcServer32
HKCR\CLSID\{40E6B956-0764-4B75-A893-39DB05D923EB}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGR.DLL
HKLM\Software\Classes\CLSID\{43f09624-b39a-483d-9727-a2da5ed8304c}
HKCR\CLSID\{43F09624-B39A-483D-9727-A2DA5ED8304C}
HKCR\CLSID\{43F09624-B39A-483D-9727-A2DA5ED8304C}\InProcServer32
HKCR\CLSID\{43F09624-B39A-483D-9727-A2DA5ED8304C}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGOHQJ.DLL
HKLM\Software\Classes\CLSID\{597bb98d-ec9f-4ff0-bd82-e163e68b3f4e}
HKCR\CLSID\{597BB98D-EC9F-4FF0-BD82-E163E68B3F4E}
HKCR\CLSID\{597BB98D-EC9F-4FF0-BD82-E163E68B3F4E}\InProcServer32
HKCR\CLSID\{597BB98D-EC9F-4FF0-BD82-E163E68B3F4E}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PKYPT.DLL
HKLM\Software\Classes\CLSID\{6d84a4c5-8a38-4f99-99de-23c0ceadf633}
HKCR\CLSID\{6D84A4C5-8A38-4F99-99DE-23C0CEADF633}
HKCR\CLSID\{6D84A4C5-8A38-4F99-99DE-23C0CEADF633}\InProcServer32
HKCR\CLSID\{6D84A4C5-8A38-4F99-99DE-23C0CEADF633}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NEK.DLL
HKLM\Software\Classes\CLSID\{74440ad9-5b1d-4610-bb9e-687bf7815e31}
HKCR\CLSID\{74440AD9-5B1D-4610-BB9E-687BF7815E31}
HKCR\CLSID\{74440AD9-5B1D-4610-BB9E-687BF7815E31}\InProcServer32
HKCR\CLSID\{74440AD9-5B1D-4610-BB9E-687BF7815E31}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PHLVXX.DLL
HKLM\Software\Classes\CLSID\{81d9ef64-5a40-451b-ad3d-785eebdcfe37}
HKCR\CLSID\{81D9EF64-5A40-451B-AD3D-785EEBDCFE37}
HKCR\CLSID\{81D9EF64-5A40-451B-AD3D-785EEBDCFE37}\InProcServer32
HKCR\CLSID\{81D9EF64-5A40-451B-AD3D-785EEBDCFE37}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGMJGJGD.DLL
HKLM\Software\Classes\CLSID\{8a263d9c-08cb-4861-a775-48585db2ad98}
HKCR\CLSID\{8A263D9C-08CB-4861-A775-48585DB2AD98}
HKCR\CLSID\{8A263D9C-08CB-4861-A775-48585DB2AD98}\InProcServer32
HKCR\CLSID\{8A263D9C-08CB-4861-A775-48585DB2AD98}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PHXPHB.DLL
HKLM\Software\Classes\CLSID\{95e50323-f2ee-4fcb-9141-abbe6ba6df39}
HKCR\CLSID\{95E50323-F2EE-4FCB-9141-ABBE6BA6DF39}
HKCR\CLSID\{95E50323-F2EE-4FCB-9141-ABBE6BA6DF39}\InProcServer32
HKCR\CLSID\{95E50323-F2EE-4FCB-9141-ABBE6BA6DF39}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGPVIVLL.DLL
HKLM\Software\Classes\CLSID\{9bffec9c-7e03-41f2-9684-16ed50adab02}
HKCR\CLSID\{9BFFEC9C-7E03-41F2-9684-16ED50ADAB02}
HKCR\CLSID\{9BFFEC9C-7E03-41F2-9684-16ED50ADAB02}\InProcServer32
HKCR\CLSID\{9BFFEC9C-7E03-41F2-9684-16ED50ADAB02}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PHHJ.DLL
HKLM\Software\Classes\CLSID\{aa6b1184-6103-4523-bf5a-25e2545d864c}
HKCR\CLSID\{AA6B1184-6103-4523-BF5A-25E2545D864C}
HKCR\CLSID\{AA6B1184-6103-4523-BF5A-25E2545D864C}\InProcServer32
HKCR\CLSID\{AA6B1184-6103-4523-BF5A-25E2545D864C}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGMJGJ.DLL
HKLM\Software\Classes\CLSID\{ae6d465b-d6d2-4086-92f8-e6b61a893973}
HKCR\CLSID\{AE6D465B-D6D2-4086-92F8-E6B61A893973}
HKCR\CLSID\{AE6D465B-D6D2-4086-92F8-E6B61A893973}\InProcServer32
HKCR\CLSID\{AE6D465B-D6D2-4086-92F8-E6B61A893973}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DFVFP.DLL
HKLM\Software\Classes\CLSID\{c4898bec-d815-466c-ab37-70c5420525b0}
HKCR\CLSID\{C4898BEC-D815-466C-AB37-70C5420525B0}
HKCR\CLSID\{C4898BEC-D815-466C-AB37-70C5420525B0}\InProcServer32
HKCR\CLSID\{C4898BEC-D815-466C-AB37-70C5420525B0}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ZEO.DLL
HKLM\Software\Classes\CLSID\{e77a9bc7-4acd-4170-bd0e-3644581e6740}
HKCR\CLSID\{E77A9BC7-4ACD-4170-BD0E-3644581E6740}
HKCR\CLSID\{E77A9BC7-4ACD-4170-BD0E-3644581E6740}\InProcServer32
HKCR\CLSID\{E77A9BC7-4ACD-4170-BD0E-3644581E6740}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FS.DLL
HKLM\Software\Classes\CLSID\{eb2f542f-d9e2-483c-a7b5-bf1ef9fb66a9}
HKCR\CLSID\{EB2F542F-D9E2-483C-A7B5-BF1EF9FB66A9}
HKCR\CLSID\{EB2F542F-D9E2-483C-A7B5-BF1EF9FB66A9}\InProcServer32
HKCR\CLSID\{EB2F542F-D9E2-483C-A7B5-BF1EF9FB66A9}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\B.DLL
HKLM\Software\Classes\CLSID\{f17a0cfc-dc06-4c93-b0fb-1642b395589a}
HKCR\CLSID\{F17A0CFC-DC06-4C93-B0FB-1642B395589A}
HKCR\CLSID\{F17A0CFC-DC06-4C93-B0FB-1642B395589A}\InProcServer32
HKCR\CLSID\{F17A0CFC-DC06-4C93-B0FB-1642B395589A}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGMJ.DLL
HKLM\Software\Classes\CLSID\{f86b2e14-e467-4645-8100-58b1ee853be5}
HKCR\CLSID\{F86B2E14-E467-4645-8100-58B1EE853BE5}
HKCR\CLSID\{F86B2E14-E467-4645-8100-58B1EE853BE5}\InProcServer32
HKCR\CLSID\{F86B2E14-E467-4645-8100-58B1EE853BE5}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGMJGJG.DLL
HKLM\Software\Classes\CLSID\{fbb35105-b57c-48f4-ba3c-e74a4c07ea67}
HKCR\CLSID\{FBB35105-B57C-48F4-BA3C-E74A4C07EA67}
HKCR\CLSID\{FBB35105-B57C-48F4-BA3C-E74A4C07EA67}\InProcServer32
HKCR\CLSID\{FBB35105-B57C-48F4-BA3C-E74A4C07EA67}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PHI.DLL
HKLM\Software\Classes\CLSID\{fd3d12a7-58da-4f36-8e63-172f6a7752e1}
HKCR\CLSID\{FD3D12A7-58DA-4F36-8E63-172F6A7752E1}
HKCR\CLSID\{FD3D12A7-58DA-4F36-8E63-172F6A7752E1}\InProcServer32
HKCR\CLSID\{FD3D12A7-58DA-4F36-8E63-172F6A7752E1}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PHZ.DLL
HKLM\Software\Classes\CLSID\{fe707664-9527-4f85-8154-49decc324c5d}
HKCR\CLSID\{FE707664-9527-4F85-8154-49DECC324C5D}
HKCR\CLSID\{FE707664-9527-4F85-8154-49DECC324C5D}\InProcServer32
HKCR\CLSID\{FE707664-9527-4F85-8154-49DECC324C5D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JGQVIV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11795cfe-766f-4a65-b815-60468819b248}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40e6b956-0764-4b75-a893-39db05d923eb}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43f09624-b39a-483d-9727-a2da5ed8304c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597bb98d-ec9f-4ff0-bd82-e163e68b3f4e}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d84a4c5-8a38-4f99-99de-23c0ceadf633}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74440ad9-5b1d-4610-bb9e-687bf7815e31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81d9ef64-5a40-451b-ad3d-785eebdcfe37}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a263d9c-08cb-4861-a775-48585db2ad98}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95e50323-f2ee-4fcb-9141-abbe6ba6df39}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9bffec9c-7e03-41f2-9684-16ed50adab02}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa6b1184-6103-4523-bf5a-25e2545d864c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae6d465b-d6d2-4086-92f8-e6b61a893973}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4898bec-d815-466c-ab37-70c5420525b0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e77a9bc7-4acd-4170-bd0e-3644581e6740}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb2f542f-d9e2-483c-a7b5-bf1ef9fb66a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f17a0cfc-dc06-4c93-b0fb-1642b395589a}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f86b2e14-e467-4645-8100-58b1ee853be5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbb35105-b57c-48f4-ba3c-e74a4c07ea67}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd3d12a7-58da-4f36-8e63-172f6a7752e1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe707664-9527-4f85-8154-49decc324c5d}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID

Neopets Toolbar
HKLM\Software\Classes\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\InprocServer32#ThreadingModel
HKCR\CLSID\{CD292324-974F-4224-D074-CACA427AA030}\ProgID
C:\PROGRA~1\NEOPETS\TOOLBAR\TOOLBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD292324-974F-4224-D074-CACA427AA030}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CD292324-974F-4224-D074-CACA427AA030}
HKCR\Toolbar.Neopets
HKCR\Toolbar.Neopets\Clsid

Adware.MovieLand/MediaPipe
HKCR\MPAgent.Agent
HKCR\MPAgent.Agent\CLSID
HKCR\MPAgent.Agent\CurVer
HKCR\MPAgent.Agent.1
HKCR\MPAgent.Agent.1\CLSID
HKCR\AppId\AMNotifier.EXE
HKCR\AppId\AMNotifier.EXE#AppID
HKCR\AppId\MPAgent.DLL
HKCR\AppId\MPAgent.DLL#AppID
HKCR\AMNotifier.HUBAWindow
HKCR\AMNotifier.HUBAWindow\CLSID
HKCR\AMNotifier.HUBAWindow\CurVer
HKCR\AMNotifier.HUBAWindow.1
HKCR\AMNotifier.HUBAWindow.1\CLSID
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}#AppID
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\LocalServer32
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\ProgID
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\Programmable
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\TypeLib
HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\VersionIndependentProgID
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0\win32
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR

Adware.180solutions/Search Assistant
HKCR\LMgr180.WMDRMAx
HKCR\LMgr180.WMDRMAx\CLSID
HKCR\LMgr180.WMDRMAx\CurVer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [  ]

Adware.180solutions/ZangoSearch
HKCR\SAIX.InstallerCaller
HKCR\SAIX.InstallerCaller\CLSID
HKCR\SAIX.InstallerCaller\CurVer
HKCR\SAIX.InstallerCaller.1
HKCR\SAIX.InstallerCaller.1\CLSID
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib#Version
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\0
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\0\win32
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\FLAGS
HKCR\TypeLib\{981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}\1.0\HELPDIR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\SAIX.dll [  ]

Trojan.Error Safe Free
HKLM\Software\Error Safe Free

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Browser Hijacker.Tubby
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}\1.0
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}\1.0\0
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}\1.0\0\win32
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}\1.0\FLAGS
HKCR\TypeLib\{9EAC0102-5E61-2312-BC2B-000000000000}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@i.screensavers[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@icc.intellisrv[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@keywordmax[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@nextag[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@stats1.reliablestats[2].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\cadohomes@earthlink.net\Cookies\owner@statse.webtrendslive[1].txt
C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\catsvend@earthlink.net\Cookies\owner@admarketplace[1].txt

Adware.Starware
C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\TEMP\PLTBINST.EXE

Trojan.Gromozon (RootKit)
C:\WINDOWS\SYSTEM32\AUX.TXZ

Trojan.MediaPipe-Variant
C:\WINDOWS\SYSTEM32\ENTRY.DLL

#6 waterfalls

Posted 18 November 2006 - 07:41 PM

Hi,

Okay, that's better.

Please download Hoster
- Unzip Hoster.zip
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
- Open Hoster.exe
- Click on "Restore Original Hosts"
- Close program when complete.

Uninstall the following programs.
- Go to Start > Control Panel > Add/Remove Programs
- Select Neopets
- Click Remove
- Select Market Browser
- Click Remove
- Exit.

See if this helps with your Desktop problem:
- Go to Start -> Control Panel -> Display -> Desktop
- Click Customize Desktop -> Web tab
- Uncheck and delete everything you find in there except for "My current home page"

Reboot your computer.

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Start HijackThis, click System Scan Only and place a checkmark next to the following items:
O1 - Hosts: com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [mmsys] C:\recover.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Adult - http://listdating.com/se/se10.htm
O8 - Extra context menu item: Business - http://listdating.com/se/se5.htm
O8 - Extra context menu item: Car Insurance - http://listdating.com/se/se3.htm
O8 - Extra context menu item: Escorts - http://listdating.com/se/se9.htm
O8 - Extra context menu item: Finance - http://listdating.com/se/se6.htm
O8 - Extra context menu item: Games - http://listdating.com/se/se12.htm
O8 - Extra context menu item: Health Insurance - http://listdating.com/se/se4.htm
O8 - Extra context menu item: Loans - http://listdating.com/se/se7.htm
O8 - Extra context menu item: Online Casino - http://listdating.com/se/se2.htm
O8 - Extra context menu item: Porn - http://listdating.com/se/se11.htm
O8 - Extra context menu item: Sport Betting - http://listdating.com/se/se1.htm
O8 - Extra context menu item: Viagra - http://listdating.com/se/se8.htm
O8 - Extra context menu item: >> DATING >> - http://listdating.com/dt.htm
O8 - Extra context menu item: >> SEARCH >> - http://listdating.com/se.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...FreeInstall.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16092d6015ae65...tzip/RdxIE6.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/L...hedLotTeleX.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdas...sh.1.0.0.72.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/b...52c671382f44be0
O19 - User stylesheet: c:\windows\my.css (file missing)
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)


Close ALL browsers and open windows except HijackThis and click 'Fix Checked'.

Navigate to and delete the following folders if present:
C:\Program Files\Neopets
C:\Program Files\MarketBrowser

Navigate to and delete the following files if present:
C:\Windows\my.css
C:\Windows\system32\mcfG7A.dll

Reboot your computer - Important!

Post back with a new HijackThis log. Also, have you been able to update your Symantec Anti-Virus program? Let me know how your computer is running.
Take only memories, leave nothing but footprints.


#7 zipper

Posted 18 November 2006 - 10:37 PM

IT WORKED!! :thumbsup: Thank you, thank you, thank you.

My desktop problem is cured.
Functions have been restored that I lost some time ago that I thought were gone for good.
My computer is running faster.
etc.
It's running better than it has for a very long time.

One of the first things I did when I started having problems this week was to update my Symantec Anti-Virus program. It's up to date. The only problem is that I now have 2 anti-virus programs running: the Norton and the SuperAntiSpyware program. I'm getting a Norton Security Alert box saying that virus protection is turned off. It's not. Then the box goes away.

The only other thing is that the kids will be upset that they lost their Neopets stuff. They love going to that site. Oh well, it's a small price to pay for fixing a lot of problems.

Here's the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:24:10 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sp0t1gq1.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKLM\..\RunOnce: [LRPatch] "C:\DOCUME~1\Owner\LOCALS~1\Temp\LRPatch.exe" /RUN
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {2D1FCAD0-D02A-409E-951E-ADE0DD000C92} (GoActive Control) - http://ad.linkswiz.com/setup/StartPageKnet.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093405130312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163903371078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Address Book 6.0 for Windows - {35E34195-66EC-769F-F737-4E148DBD6B07} - c:\progra~1\parson~1\addres~1\6.0\wingigxy6.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 waterfalls

Posted 18 November 2006 - 11:55 PM

Hi,

Very good! Superantispyware is an anti-spyware application, not an anti-virus program - so it's alright to keep it. Since it's the free version, you will have to manually update it from time to time and then scan. Having two anti-virus programs causes problems, but you can have one or more anti-spyware programs in addition to your anti-virus program.

We just have some cleaning up to take care of now. Make sure your Microsoft Windows Defender Real-time Protection is still disabled so we can run a fix with HijackThis.
Note: You will need to print these instructions because we will be working in Safe Mode without an Internet connection.

Go to Start > Control Panel > Security Center
- Make sure that Virus Protection is set to On
- Exit the Security Center.

Please set your system to show all files.
- Go to Start > open My Computer
- Select the Tools menu and click Folder Options.
- Select the View tab and, under Hidden files and folders, select Show hidden files and folders
- Uncheck Hide file extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
- Click Apply, then OK

Reboot into SAFE MODE.
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

Start HijackThis, click System Scan Only and place a checkmark next to the following items:
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\RunOnce: [LRPatch] "C:\DOCUME~1\Owner\LOCALS~1\Temp\LRPatch.exe" /RUN
O16 - DPF: {2D1FCAD0-D02A-409E-951E-ADE0DD000C92} (GoActive Control) - http://ad.linkswiz.com/setup/StartPageKnet.cab


Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

Navigate to and delete the following file if present:
C:\Documents and Settings\Owner\Local Settings\Temp\LRPatch.exe

Reboot into Normal Mode.

Run Panda Online Scan. When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.

Post back with the log from the Panda Online Scan and a new HijackThis log.
Take only memories, leave nothing but footprints.


#9 zipper

Posted 19 November 2006 - 05:14 PM

I got everything done and got down to "Run Panda Online Scan."
What is that? Where do I get it?

When starting out on your last instructions, I went to check out Security Center and to my surprise it stated that it was not started! I figured out how to start it and made sure that Virus Protection was turned on.
Could this having been turned off be part of what has allowed so many bugs in my computer?

#10 waterfalls

Posted 20 November 2006 - 03:41 AM

Hi,

Your first log reflected that Symantec was not enabled. Your next log showed that Symantec was running which is why I asked if you had updated it and then asked you to check your Security settings. There are a number of trojans that will stop AV's from running which, in turn, allows you to get more infected.

You have the ActiveX for Panda's Online Scan which means that you used it in the past. These are the instructions and the link:

Perform an online scan with Panda Online. Please use this scanner instead of any other scanner! You have to use Internet Explorer for this scan.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component, allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the "See Report" button, then "Save Report" and save it to a convenient location.
Take only memories, leave nothing but footprints.


#11 zipper

Posted 20 November 2006 - 02:53 PM

I didn't recognize Panda scan until I ran it. It doesn't leave any buttons on my desktop so I didn't recognize it at first.

Here is the Panda scan report:

Incident Status Location

Virus:trj/venker.a Disinfected Operating system
Adware:adware/adsmart Not disinfected c:\windows\system32\vx.tll
Adware:adware/qoologic Not disinfected c:\windows\downloaded program files\installer.exe
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mediapipe Not disinfected c:\program files\License_Manager
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/comet Not disinfected C:\Documents and Settings\Owner\Application Data\Starware
Potentially unwanted tool:application/zango Not disinfected hkey_current_user\software\zango
Adware:adware/elitebar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/weirdontheweb Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.zip-3b5938b1-592d65d6.zip[NewClasssss.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-35a88ac5-1f3c8f2b.zip[SecurityCL.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-35a88ac5-1f3c8f2b.zip[Queer.class]
Virus:Trj/Shinwow.C Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-34569309-6eb3ea0e.zip[Matrix.class]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-27efde8d.zip[javautil.zip]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-48274183.zip[javautil.zip]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-55a5b99e.zip[javautil.zip]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-59f9e629.zip[javautil.zip]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-67e88f6a.zip[javautil.zip]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-473001be-74c35d1d.zip[javautil.zip]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\Protection\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\Protection\smitRem\Process.exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\TradewindsLegends-dm[1].exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Possible Virus. Not disinfected C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SR3List.dll
Possible Virus. Not disinfected C:\Program Files\HP Instant Support\plugin\bin\ContentUpdater.exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Netscape\Netscape\Plugins\npclntax.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\SP1RcvryFix.exe[24WWWSP1.exe][hp/tmp/sp1patch/BIN/FondleWindow.exe]
Possible Virus. Not disinfected C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab[\plugin\bin\ContentUpdater.exe]
Possible Virus. Not disinfected C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\ContentUpdater.exe
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\silentfix.exe
Virus:Trj/Downloader.BTV Disinfected C:\WINDOWS\system32\cdsadmd32.exe

and the latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 2:49:43 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sp0t1gq1.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093405130312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163903371078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Address Book 6.0 for Windows - {35E34195-66EC-769F-F737-4E148DBD6B07} - c:\progra~1\parson~1\addres~1\6.0\wingigxy6.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 waterfalls

Posted 20 November 2006 - 06:31 PM

Hi,

Well, you certainly have a lot of malware left, so do the following.

• Go to Start > Control Panel > Add/Remove Programs
Note: Not all of the following will be listed
- Select FunWebProducts
- Click Remove
- Do the same for the following:
License_Manager
My Web Search
My Way Speedbar
Search Assistant - My Way
Screensavers.com
Zango

- Exit.

• Go to Start > Run > copy/paste: regsvr32 /u occache.dll
- click OK.

Next, navigate to and delete the following file:
C:\WINDOWS\Downloaded Program Files\ZangoInstaller.dll

Now, go to Start > Run > copy/paste: regsvr32 occache.dll

• Reboot your computer - Important!

• Navigate to and delete the following folders if present:
C:\Program Files\FunWebProducts
C:\Program Files\License_Manager
C:\Program Files\My Web Search
C:\Program Files\My Way Speedbar
C:\Program Files\Search Assistant - My Way
C:\Program Files\Zango
C:\Program Files\Starware
C:\Program Files\Screensavers.com
C:\Documents and Settings\Owner\Application Data\Starware

• Navigate to and delete the following files if present:
C:\Program Files\Netscape\Netscape\Plugins\npclntax.dll
C:\Downloads\TradewindsLegends-dm[1].exe
C:\WINDOWS\silentfix.exe
C:\Windows\system32\cdsadmd32.exe

• Open Notepad and copy and paste the text inside the codebox into Notepad:

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\ZANGO]

- Save this as fix.reg -> choose to save as *all files -> and place it on your desktop.
- It should look like this: [image]
- Double-click on it and, when you are asked if you want to merge the contents to the registry, click YES/OK.

• Finally, you have an outdated version of Java which, because of security reasons, needs to be updated. To update Java:
- Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 and save it to your Desktop.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel > Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the [image] icon next to it.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your Desktop, double-click on the downloaded Java file to install the newest version.

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked

Downloaded Applets
Downloaded Applications
Other Files

Click OK on Delete Temporary Files Window (Important step for you to do!)
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
Click OK to leave the Java Control Panel.

• Post back and let me know how it went.

Edited by waterfalls, 20 November 2006 - 09:47 PM.

Take only memories, leave nothing but footprints.


#13 zipper

Posted 20 November 2006 - 11:05 PM

Hi,

1) About half of the stuff you instructed me to delete wasn't there.
2) I am unfamiliar with Notepad. How do you start it?
3) I think I may have deleted too many Java files. There is no Java icon. I use it in an on-line website development tool and it is working fine. Other than that, I never use it.
4) I'm still getting the Symantec alert at startup. It's not a problem, I just wonder if I should be getting it at all.

Here is the latest HiJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 10:56:09 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\sprint virtual assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sp0t1gq1.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\sprint virtual assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093405130312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163903371078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...290/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Address Book 6.0 for Windows - {35E34195-66EC-769F-F737-4E148DBD6B07} - c:\progra~1\parson~1\addres~1\6.0\wingigxy6.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#14 waterfalls

Posted 21 November 2006 - 03:50 AM

Many of the programs I listed were not likely to be there, which is why I noted that not all of the programs would be listed. Since many of them come bundled, to be on the safe side I listed the bundled group so long as you deleted what was found.

Your log is showing that you installed Java correctly.

You can open Notepad by going to Start > Run and type notepad.exe > click OK.
Then follow the instructions for fix.reg - reboot when you're finished.

Regarding Symantec's alerts, you'll have to contact their tech support. Symantec does quirky things sometimes.

Your log looks clean.

Please set your system to hide system files.
- Go to Start and open My Computer
- Select the Tools menu and click Folder Options.
- Select the View Tab and, under Hidden files and folders, check Do not show hidden files and folders
- Check Hide file extensions for known file types
- Check Hide protected operating system files (Recommended)
- Click Apply, then OK.

If you have not done so, please empty your Recycle Bin.

Create a new Restore Point:
- Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

Delete the old Restore Points:
- Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.

Reboot your computer.

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster. SpywareBlaster doesn't scan and clean for so-called spyware but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls and also prevents the installation of any of them via a webpage. Update it periodically.

* Avoid illegal sites because that's where most malware is present.
* Don't click on links inside pop-ups. If you should get them, use ALT + F4 to close them.
* Don't click on links in spam messages claiming to offer anti-spyware software because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust because a lot of free software can bundle other software, including spyware.

Let your anti-spyware scanner(s) scan frequently and don't forget to update before scanning.

I suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender) because what one virus scanner can't find, another one may.
Also, make sure that your virus-scanner, the one that is already installed on your system, is always up to date!

Make sure your Windows has the latest updates by going here.

More information on how to prevent malware can be found at So how did I get infected in the first place? by Tony Klein and Malware Prevention: Prevent Re-infection.

Happy surfing again! :thumbsup:
Take only memories, leave nothing but footprints.
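Reading successive HijackThis scans by eye, as done across the posts above, can also be scripted. The following is an added example, not part of the original posts: it parses the `code - detail` entry lines, lists entries marked "(file missing)", collects the Java runtime versions the entries reference, and diffs two scans. The function names and the `ExampleEntry` line are assumptions made for illustration.

```python
import re

# Sample lines copied from the HijackThis log in post #13 above.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
"""

# Constructed earlier scan: the same lines plus one made-up autorun entry
# (hypothetical name and path, not taken from the thread).
BEFORE = AFTER + r"O4 - HKCU\..\Run: [ExampleEntry] C:\Example\example.exe" + "\n"

# An entry line starts with a section code such as R0, F2, N3, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Java versions appear either in install paths or in the O16 description.
JAVA = re.compile(r"(?:jre|Java Runtime Environment )(\d+\.\d+\.\d+_\d+)", re.I)


def parse_entries(log):
    """Return (section, detail) pairs; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def missing_files(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def java_versions(entries):
    """Sorted, de-duplicated Java runtime versions referenced by any entry."""
    return sorted({v for _, detail in entries for v in JAVA.findall(detail)})


def diff_scans(before, after):
    """Return (removed, added) entries between two scans."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    entries = parse_entries(AFTER)
    print("Java versions referenced:", java_versions(entries))
    for section, detail in missing_files(entries):
        print("file missing:", section, detail)
    removed, added = diff_scans(BEFORE, AFTER)
    print("removed since last scan:", removed)
    print("added since last scan:", added)
```
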


#15 zipper

Posted 21 November 2006 - 08:22 PM

Thank you very much for your help. I really appreciate it.

Good luck to you and happy computing.



