Very Slow Computer


22 replies to this topic

#1 Damn Machine

Damn Machine

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:29 AM

Posted 19 February 2007 - 04:28 PM

My laptop computer is running extremely slow. It has Norton Antivirus, but it wasn't up to date, so I downloaded the up-to-date stuff for it, ran it, and found 4 viruses, but the computer is still running slow. So I don't know if there's something it missed or if some of the software on this computer is making it run slow. I don't know what's going on with this thing, so can you please review it and help me solve this problem? I appreciate it. Thanks :thumbsup:

Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 4:22:40 PM, on 2/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:29 PM

Posted 21 February 2007 - 11:36 AM

Hi

Jotti File Submission:

#3 Damn Machine

Posted 21 February 2007 - 02:44 PM

THANKS FOR HELPING OUT HERE'S THE RESULTS


File: crypyext.dll
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 7e75be4c954c65b46fcb6d85b82b2170
Packers detected: -

Scanner results
Scan taken on 21 Feb 2007 19:34:20 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.


#4 didom

Posted 21 February 2007 - 02:46 PM

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "put file path here"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\System32\crypyext.dll
  • Click Open.
  • Click Post.
Thank you!

When you're done please post a fresh HijackThis log.

#5 Damn Machine

Posted 21 February 2007 - 08:42 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:38:49 PM, on 2/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6 Damn Machine

Posted 27 February 2007 - 10:41 PM

While waiting for help, I decided to try a few things to see if they'd help make this computer run faster. I updated Windows, hoping it might fix whatever's messed up, but whatever the problem is, it wasn't fixed. Here's the new log, and thanks for the help. Oh yeah, I don't know if this is any help, but when I was updating it, I thought it froze up, so I pressed Alt Ctrl Delete to close the update in the processes, but the damn thing would appear, and then disappear, and then reappear in a different spot before I could click on it and end task. I just never noticed anything like that before, and wondered if that was part of the problem.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:40 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\BellSouth\bak\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172594164139
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#7 didom

Posted 28 February 2007 - 10:28 AM

Sorry for the delay, but I am waiting for some details on the crypyext.dll file, because it doesn't appear to be a Microsoft version, so it may be a dodgy one.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Find and delete these files and folders (if they are still there):
C:\WINDOWS\System32\crypyext.dll


Reboot your computer normally.

Step #5

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
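
Added example (not part of the original thread and not HijackThis's own code): a Python sketch that parses HijackThis logs like the ones posted above, pulls out the O20 AppInit_DLLs paths that the fix steps target, and diffs two scans to show what changed between them. The two log excerpts are abridged from the 2/21 and 2/27 logs in this thread; the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section code> - <text>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Abridged excerpts of two logs posted in this thread (2/21 and 2/27 scans).
LOG_FEB21 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:38:49 PM, on 2/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HijackThis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_FEB27 = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:26:40 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\BellSouth\bak\hcenter.exe
C:\HijackThis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_log(text):
    """Split a log into running processes and entries grouped by section code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the first entry line ends the process list
            entries[m["code"]].append(m["body"])
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def appinit_dlls(parsed):
    """Paths from 'O20 - AppInit_DLLs'. Windows loads every DLL named in that
    registry value into each process that loads user32.dll, so an unknown
    file here deserves a close look even when scanners report nothing."""
    dlls = []
    for body in parsed["entries"].get("O20", []):
        label, _, value = body.partition(": ")
        if label == "AppInit_DLLs":
            # The registry value is a space- or comma-delimited list.
            dlls += [p for p in re.split(r"[ ,]+", value.strip()) if p]
    return dlls


def diff_logs(old, new):
    """Return (added, removed) lists of (kind, text); paths compare case-insensitively."""
    def flat(parsed):
        items = {("process", p.lower()): p for p in parsed["processes"]}
        for code, bodies in parsed["entries"].items():
            for body in bodies:
                items[(code, body.lower())] = body
        return items

    a, b = flat(old), flat(new)
    added = sorted((k[0], b[k]) for k in b.keys() - a.keys())
    removed = sorted((k[0], a[k]) for k in a.keys() - b.keys())
    return added, removed


if __name__ == "__main__":
    old, new = parse_log(LOG_FEB21), parse_log(LOG_FEB27)
    print("AppInit_DLLs in newest log:", appinit_dlls(new))
    added, removed = diff_logs(old, new)
    for kind, text in added:
        print("+", kind, text)
    for kind, text in removed:
        print("-", kind, text)
```

Running the same diff on a log taken after "Fix checked" and the Safe Mode deletion shows whether the O20 AppInit_DLLs entry is really gone or has been rewritten.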

#8 Damn Machine

Posted 01 March 2007 - 12:38 PM

I followed your instructions, but when I tried to fix it, I got this error message on HijackThis


An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


Oh yeah, inside the folder C:\windows\system32 there is also a file called crypyext.dat right next to crypyext.dll. I noticed it when you had me scan crypyext.dll at that malware scan website, so I scanned that file too, but had the same results.

#9 didom

Posted 01 March 2007 - 03:49 PM

Please continue, and delete both files (dll and dat file). Follow the instructions.

#10 Damn Machine

Posted 01 March 2007 - 10:50 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:41:47 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\BellSouth\bak\hcenter.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -

C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert

Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security

Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1172594164139
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe




_________________________________________________________________________
Active Scan Report




Incident Status Location

Adware:Adware/SpySheriff Not disinfected c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\itunes\ituneshelper.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\quicktime\qttask.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\common files\real\update_ob\realsched.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\common files\symantec shared\security center\usrprmpt.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\support.com\bellsouth\hcenter.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[server.iad.liveperson.net/hc/30454849]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.xxxcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.zedo.com/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.xxxcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.www.burstbeacon.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.counter.hitslink.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.citi.bridgetrack.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.data.coremetrics.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\William\Cookies\william@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Cookies\william@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Cookies\william@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\William\Cookies\william@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\William\Cookies\william@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\William\Cookies\william@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\William\Cookies\william@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\William\Cookies\william@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\William\Cookies\william@as-eu.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\William\Cookies\william@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\William\Cookies\william@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Cookies\william@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\William\Cookies\william@bfast[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Cookies\william@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\William\Cookies\william@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\William\Cookies\william@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\William\Cookies\william@cgi-bin[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Cookies\william@citi.bridgetrack[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\William\Cookies\william@counter.hitslink[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@counter7.sextracker[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\William\Cookies\william@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Cookies\william@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\William\Cookies\william@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\William\Cookies\william@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\William\Cookies\william@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\William\Cookies\william@fortunecity[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\William\Cookies\william@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\William\Cookies\william@i.screensavers[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\William\Cookies\william@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Cookies\william@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Cookies\william@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\William\Cookies\william@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\William\Cookies\william@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\William\Cookies\william@revenue[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Cookies\william@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\William\Cookies\william@statcounter[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\William\Cookies\william@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\William\Cookies\william@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\William\Cookies\william@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\William\Cookies\william@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\William\Cookies\william@www.burstbeacon[2].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\William\Cookies\william@xxxcounter[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\William\Cookies\william@zedo[1].txt
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\William\Local Settings\Temp\19kc4Ca.exe
Virus:Trj/Kolweb.A Disinfected C:\Documents and Settings\William\Local Settings\Temp\~ds39990.tmp
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\drivera.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\druidy_a4m.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\druidy_cchoice.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\druid_a4m.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\druid_cchoice.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\durvilx.dll
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\durvilx.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\durvily.dll
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\durvily.exe
Virus:Trj/Kolweb.A Disinfected C:\WINDOWS\system32\durvilz.exe

#11 didom


Posted 03 March 2007 - 02:39 PM

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Don't use it yet.

* Reboot into Safe Mode: (without networking support!)
To get into Safe Mode as the computer is booting, press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:



* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

(Warning: running option #2 on a non-infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwards.)

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.

Post the log from SmitfraudFix in your next reply together with a new HijackThis log.

I need you to post a new log single spaced as it makes things easier to read:

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.
  • Then post a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Edited by didom, 03 March 2007 - 02:40 PM.


#12 Damn Machine


Posted 04 March 2007 - 06:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:01:52 PM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\BellSouth\bak\hcenter.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172594164139
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SmitFraudFix v2.147

Scan done at 17:46:41.99, Sun 03/04/2007
Run from C:\Documents and Settings\William\Start Menu\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#13 didom


Posted 06 March 2007 - 02:32 PM

Scan again with HijackThis and check the following items:
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer.

Step #5

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
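Added example, not part of the original posts and not code from HijackThis: Python that re-joins a HijackThis log wrapped and double-spaced the way the one in post #10 is, then lists the O20 autoload DLLs (AppInit_DLLs, Winlogon Notify) that are not on an analyst-supplied reviewed list. The function names and the reviewed list are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
import re

# HijackThis entry prefixes (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Excerpt copied from the wrapped, double-spaced log in post #10.
SAMPLE = r"""
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} -

C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"""


def unwrap(log_text):
    """Re-join entries that word wrap split across lines.

    Expects only the HijackThis log; text pasted after the last entry
    would be treated as a continuation of that entry.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue                    # drop the double spacing
        if ENTRY_RE.match(line):
            entries.append(line)        # a new entry starts here
        elif entries:
            entries[-1] += " " + line   # wrapped tail of the previous entry
        # lines before the first entry (header, process list) are skipped
    return entries


def autoload_dlls(entries):
    """Return (mechanism, dll_path) pairs for every O20 entry."""
    found = []
    for entry in entries:
        m = ENTRY_RE.match(entry)
        if m.group("code") != "O20":
            continue
        body = m.group("body")
        if body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-delimited DLL list.
            value = body.split(":", 1)[1].strip()
            for dll in re.split(r"[,\s]+", value):
                if dll:
                    found.append(("AppInit_DLLs", dll))
        elif body.startswith("Winlogon Notify:"):
            # Format: "Winlogon Notify: <name> - <path>"
            found.append(("Winlogon Notify", body.rsplit(" - ", 1)[-1]))
    return found


def needs_review(entries, reviewed):
    """Autoload DLLs whose file name is not on the reviewed list.

    `reviewed` is a hypothetical analyst-maintained set of file names
    already checked on this machine; it is not a verdict on any file.
    """
    reviewed = {name.lower() for name in reviewed}
    pending = []
    for mechanism, path in autoload_dlls(entries):
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base not in reviewed:
            pending.append((mechanism, path))
    return pending


if __name__ == "__main__":
    log = unwrap(SAMPLE)
    for mechanism, path in needs_review(log, {"WgaLogon.dll"}):
        print(f"review: {mechanism}: {path}")
```
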

#14 Damn Machine


Posted 07 March 2007 - 10:15 PM

I tried using HijackThis to get rid of crypyext.dll but I kept getting the same error as I mentioned to you before, so I then opened up regedit and searched the registry for crypyext and deleted all I found, hopefully I didn't screw anything up. Anyways, here's the HijackThis log after I deleted the registry entries.

Logfile of HijackThis v1.99.1
Scan saved at 10:06:19 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Support.com\BellSouth\bak\hcenter.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172594164139
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Incident Status Location

Adware:Adware/SpySheriff Not disinfected c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\itunes\ituneshelper.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\quicktime\qttask.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\common files\real\update_ob\realsched.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\common files\symantec shared\security center\usrprmpt.exe
Adware:Adware/SpySheriff Not disinfected c:\program files\support.com\bellsouth\hcenter.exe
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.citi.bridgetrack.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.counter.hitslink.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.overture.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.www.burstbeacon.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[server.iad.liveperson.net/hc/30454849]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.xxxcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.data.coremetrics.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\4yv9krrp.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\William\Cookies\william@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Cookies\william@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\William\Cookies\william@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\William\Cookies\william@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\William\Cookies\william@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\William\Cookies\william@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\William\Cookies\william@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\William\Cookies\william@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\William\Cookies\william@as-eu.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\William\Cookies\william@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\William\Cookies\william@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Cookies\william@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\William\Cookies\william@bfast[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Cookies\william@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\William\Cookies\william@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\William\Cookies\william@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\William\Cookies\william@cgi-bin[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\William\Cookies\william@citi.bridgetrack[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\William\Cookies\william@counter.hitslink[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@counter7.sextracker[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\William\Cookies\william@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\William\Cookies\william@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\William\Cookies\william@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\William\Cookies\william@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\William\Cookies\william@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\William\Cookies\william@fortunecity[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\William\Cookies\william@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\William\Cookies\william@i.screensavers[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\William\Cookies\william@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Cookies\william@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\William\Cookies\william@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\William\Cookies\william@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\William\Cookies\william@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\William\Cookies\william@revenue[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\William\Cookies\william@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\William\Cookies\william@sextracker[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\William\Cookies\william@statcounter[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\William\Cookies\william@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\William\Cookies\william@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\William\Cookies\william@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\William\Cookies\william@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\William\Cookies\william@www.burstbeacon[2].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\William\Cookies\william@xxxcounter[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\William\Cookies\william@zedo[1].txt
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\druidy_cchoice.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\druid_cchoice.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\durvilx.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
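
An added example, not part of any post in this thread: one way to confirm from two HijackThis logs that the O20 AppInit_DLLs entry flagged in post #13 is absent from the log posted in post #14. The two log excerpts are constructed from lines that appear in the thread, and the function names are assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# HijackThis result lines look like "O20 - AppInit_DLLs: C:\...": a section
# code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry text.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Constructed excerpts (a "before" and an "after" scan), built from lines
# quoted in the thread and trimmed to a few entries each.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\crypyext.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

def parse_log(text):
    """Return the result entries of a HijackThis log, skipping the header
    and the 'Running processes' list (those lines carry no section code)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("detail")))
    return entries

def appinit_dlls(entries):
    """DLLs named by O20 AppInit_DLLs lines, lower-cased because Windows
    paths are case-insensitive. The registry value is a space- or
    comma-separated list, so one line can name several DLLs."""
    dlls = []
    for e in entries:
        if e.code == "O20" and e.detail.startswith("AppInit_DLLs:"):
            value = e.detail.split(":", 1)[1]
            dlls += [d.lower() for d in re.split(r"[ ,]+", value.strip()) if d]
    return dlls

def still_present(flagged, entries):
    """True if a DLL the helper asked to fix is still listed under AppInit_DLLs."""
    return flagged.lower() in appinit_dlls(entries)

def compare(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    def key(e):
        return (e.code, e.detail.lower())
    b, a = {key(e) for e in before}, {key(e) for e in after}
    return sorted(b - a), sorted(a - b)

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    flagged = r"C:\WINDOWS\System32\crypyext.dll"
    print("flagged DLL still listed:", still_present(flagged, after))
    removed, added = compare(before, after)
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("new since last scan:", code, "-", detail)
```

A clean comparison only shows that the registry value no longer names the DLL; whether the file is still on disk needs a separate check.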

#15 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:01:29 PM

Posted 08 March 2007 - 10:05 AM

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
I need the log later.

Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

Post the Comboscan.txt from the Comboscan into your next reply.

Post the results of the AVG Anti-Spyware scan and a fresh HijackThis log in your next reply.



