NEED HELP REMOVING "pokapoka79.exe" [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

NEED HELP REMOVING "pokapoka79.exe" [RESOLVED]

Options

pardo View Member Profile	Jan 10 2006, 05:27 PM Post #1
Member Posts: 10 OS: windos xp	can any one help me remove this or even tell me what it is. thank you

Flrman1 View Member Profile	Jan 10 2006, 08:23 PM Post #2
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	Hi pardo Welcome to G2G! Please do this: * Click here to download HJTsetup.exe Save HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

pardo View Member Profile	Jan 11 2006, 12:05 AM Post #3
Member Posts: 10 OS: windos xp	Logfile of HijackThis v1.99.1 Scan saved at 1:04:55 AM, on 1/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\MPS\mscifapp.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\etb\pokapoka79.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu04592\untitled.dll (file missing) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekbu32.exe O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [IB22Rii8T] mpntcpip.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...438/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Flrman1 View Member Profile	Jan 11 2006, 07:08 AM Post #4
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* Click here to download LQfix.exe and Save it to your desktop. Doubleclick LQfix.exe and click install. Leave the default settings. If you change them, the fix will fail. You need an active internet connection so LQfix can connect. Allow LQfix to connect to the internet if prompted by your firewall. Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start. Follow the prompts on the screen. Your system will reboot afterwards. Please be patient after reboot, because there is a script running in the background. When it is finished, come back here and post a new Hijack This log. This post has been edited by Flrman1: Jan 11 2006, 07:09 AM

pardo View Member Profile	Jan 11 2006, 11:20 AM Post #5
Member Posts: 10 OS: windos xp	Logfile of HijackThis v1.99.1 Scan saved at 12:20:19 PM, on 1/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\MPS\mscifapp.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu04592\untitled.dll (file missing) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [IB22Rii8T] mpntcpip.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...438/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Flrman1 View Member Profile	Jan 11 2006, 04:21 PM Post #6
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* Click Here and download Killbox and save it to your desktop. * Click here for info on how to boot to safe mode if you don't already know how. * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to. * Click Start > Run > and type in: services.msc Click OK. In the services window find System Startup Service. Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility. Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest. * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked" R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu04592\untitled.dll (file missing) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win O4 - HKCU\..\Run: [IB22Rii8T] mpntcpip.exe O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll * Next in Hijack This click on the "Config" button in the lower right corner. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Copy and paste the following line in that box: SvcProc Click OK. * Restart your computer into safe mode now. Perform the following steps in safe mode: * Double-click on Killbox.exe to run it. Put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time: C:\WINDOWS\System32\winmgd.win C:\WINDOWS\System32\mouse_configurator.win C:\WINDOWS\System32\mpntcpip.exe C:\WINDOWS\mpntcpip.exe Click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box. Killbox may tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. Next in Killbox go to Tools > Delete Temp Files In the window that pops up, put a check by ALL the options there except these three: XP Prefetch Recent History Now click the Delete Selected Temp Files button. Exit the Killbox. * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. * Restart back into Windows normally now. * Run ActiveScan online virus scan here When the scan is finished, save the results from the scan! Post a new HiJackThis log along with the results from ActiveScan

Flrman1 View Member Profile	Jan 11 2006, 04:24 PM Post #7
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	Also I see that you have both Norton and Mcafee antiviruses running. You should never have two antiviruses running at the same time. They will conflict with each other and cause all sorts of problems. You need to decide which one you are going to use and get rid of the other.

pardo View Member Profile	Jan 11 2006, 04:45 PM Post #8
Member Posts: 10 OS: windos xp	really...well my mcafree has expired and my norton as well. i dont know what to do, what was that pokapoka thing?

Flrman1 View Member Profile	Jan 11 2006, 06:07 PM Post #9
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	The pokapoka79.exe file was from Elitebar spyware/trojan. If both Norton and Mcafee are expired, you need to uninstall them and get an up to date antivirus ASAP. Can you afford to purchase one? If so, I recommned Nod32: http://nod32.softwaresecuritysolutions.com...2_consumer.html

pardo View Member Profile	Jan 13 2006, 09:12 AM Post #10
Member Posts: 10 OS: windos xp	Logfile of HijackThis v1.99.1 Scan saved at 10:11:59 AM, on 1/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu04592\untitled.dll (file missing) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [IB22Rii8T] mpntcpip.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...438/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Incident Status Location Adware:adware/browvil Not disinfected C:\WINDOWS\SYSTEM32\bUS.dll Adware:adware/mediatickets Not disinfected C:\WINDOWS\SYSTEM32\winttr.exe Adware:adware/ilookup Not disinfected C:\WINDOWS\SYSTEM32\xbox_round1.bmp Potentially unwanted tool:application/myway Not disinfected C:\WINDOWS\SYSTEM32\Xcite.dll Adware:adware/favoriteman Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.log Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\CxtPls Spyware:application/bestoffer Not disinfected C:\PROGRAM FILES\TBONBin Adware:adware/beginto Not disinfected C:\WINDOWS\SYSTEM32\b2s_cache Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras Potentially unwanted tool:application/need2find Not disinfected HKEY_CURRENT_USER\SOFTWARE\NEED2FIND Spyware:spyware/rxtoolbar Not disinfected Windows Registry Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@advertising[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@atdmt[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@doubleclick[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.advertising.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.advertising.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[servedby.advertising.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.advertising.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.ehg-idg.hitbox.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.com.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.com.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[data.coremetrics.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.realmedia.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.valueclick.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.fastclick.net/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[a.as-us.falkag.net/dat/dlv/] Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.cs.sexcounter.com/] Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.paycounter.com/] Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.sexlist.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.ath.belnk.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.belnk.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.ask.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.2o7.net/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.z1.adserver.com/] Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[bilbo.counted.com/] Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.maxserving.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.xiti.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.burstnet.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.revenue.net/] Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[searchportal.information.com/] Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.azjmp.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.zedo.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.yadro.ru/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.dist.belnk.com/] Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.teensforcash.com/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.adtech.de/] Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.clickbank.net/] Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.linksynergy.com/] Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[statse.webtrendslive.com/dcsxw26ueqljwpc9sj63f85wu_5k5n] Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.targetnet.com/] Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.fortunecity.com/] Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.spylog.com/] Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.hotlog.ru/] Spyware:Cookie/XXXtoolbar Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.xxxtoolbar.com/] Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[.centrport.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[dcsxw26ueqljwpc9sj63f85wu_5k5n] Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\cookies.txt[] Adware:Adware/CWS Not disinfected C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-21033b61.class Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@advertising[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@atdmt[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JPardo\Cookies\jpardo@doubleclick[1].txt Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\JPardo\Local Settings\Temporary Internet Files\Content.IE5\JF9JRDSW\silent_setup[2].exe Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\1044446.exe Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\604485.exe Adware:Adware/NetPals Not disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\604485.exe Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\604485.exe Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biH.inf Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\biini.inf Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biJ.inf Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Passe-partout.exe Adware:Adware/EliteBar Not disinfected C:\WINDOWS\pre8.exe Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\SYSTEM32\bH.dll Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM32\BO2802040113.dll Adware:Adware/TVMedia Not disinfected C:\WINDOWS\SYSTEM32\bUS.dll Adware:Adware/Secure32 Not disinfected C:\WINDOWS\SYSTEM32\secure33.txt Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\SYSTEM32\Xcite.dll Potentially unwanted tool:Application/MyWay Not disinfected C:\WINDOWS\SYSTEM32\Xcite2.exe

Flrman1 View Member Profile	Jan 13 2006, 04:25 PM Post #11
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* By looking at this current Hijack This log, it appears that you didn't do anything except run the Activescan online scan. You need to read the following directions carefully and follow them to the letter. * Click Here and download Killbox and save it to your desktop. * Click here for info on how to boot to safe mode if you don't already know how. * Copy these instructions to notepad and save them to your desktop. You will need them to refer to. * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked" R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\tbu04592\untitled.dll (file missing) F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win O4 - HKCU\..\Run: [IB22Rii8T] mpntcpip.exe O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll * Restart your computer into safe mode now. Perform the following steps in safe mode: * Double-click on Killbox.exe to run it. Put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time: C:\WINDOWS\System32\winmgd.win C:\WINDOWS\System32\mouse_configurator.win C:\WINDOWS\System32\mpntcpip.exe C:\WINDOWS\mpntcpip.exe C:\WINDOWS\SYSTEM32\bUS.dll C:\WINDOWS\SYSTEM32\winttr.exe C:\WINDOWS\SYSTEM32\xbox_round1.bmp C:\WINDOWS\SYSTEM32\Xcite.dll C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf C:\WINDOWS\INF\biini.inf C:\WINDOWS\msbb.log C:\PROGRAM FILES\CxtPls C:\PROGRAM FILES\TBONBin C:\WINDOWS\SYSTEM32\b2s_cache C:\WINDOWS\cdmxtras C:\WINDOWS\Downloaded Program Files\1044446.exe C:\WINDOWS\Downloaded Program Files\604485.exe C:\WINDOWS\INF\biH.inf C:\WINDOWS\INF\biini.inf C:\WINDOWS\INF\biJ.inf C:\WINDOWS\Passe-partout.exe C:\WINDOWS\pre8.exe C:\WINDOWS\SYSTEM32\bH.dll C:\WINDOWS\SYSTEM32\BO2802040113.dll C:\WINDOWS\SYSTEM32\bUS.dll C:\Program Files\RXToolBar C:\WINDOWS\SYSTEM32\secure33.txt C:\WINDOWS\SYSTEM32\Xcite2.exe Click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box. Killbox may tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. Next in Killbox go to Tools > Delete Temp Files In the window that pops up, put a check by ALL the options there except these three: XP Prefetch Recent History Now click the Delete Selected Temp Files button. Exit the Killbox. * Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button then click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. * Restart back into Windows normally now. * Open your Firefox browser. Click on Tools, then Options Select the Privacy icon in the left-hand panel Click on Cookies Click on Stored Cookies Click on the Remove All Cookies button * Run Kaspersky online virus scan here. When given the option, choose the "Extended database" for the scan. When the scan is finished, Save the results from the scan! Post a new HiJackThis log along with the results from Kaspersky scan

pardo View Member Profile	Jan 23 2006, 02:37 PM Post #12
Member Posts: 10 OS: windos xp	Logfile of HijackThis v1.99.1 Scan saved at 3:36:33 PM, on 1/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\McAfee.com\MPS\mscifapp.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\NORTON~1\navapw32.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...438/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Monday, January 23, 2006 15:32:55 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 23/01/2006 Kaspersky Anti-Virus database records: 172649 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 113123 Number of viruses found: 27 Number of infected objects: 90 Number of suspicious objects: 0 Duration of the scan process: 5832 sec Infected Object Name - Virus Name C:\!KillBox\1044446.exe Infected: Trojan.Win32.Dialer.q C:\!KillBox\604485.exe Infected: Trojan.Win32.Dialer.q C:\!KillBox\bH.dll Infected: Trojan-Dropper.Win32.Agent.og C:\!KillBox\BO2802040113.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d C:\!KillBox\Passe-partout.exe Infected: Trojan.Win32.Dialer.q C:\!KillBox\pre8.exe Infected: Trojan.Win32.EliteBar.d C:\!KillBox\secure33.txt Infected: not-virus:Hoax.Win32.Renos.y C:\!KillBox\Xcite.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.m C:\!KillBox\Xcite2.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.m C:\Documents and Settings\JPardo\Application Data\Mozilla\Firefox\Profiles\3qgymhl2.default\Cache(2)\A5642DEAd01 Infected: Trojan-Clicker.JS.Linker.h C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6960b293.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6960b293.zip Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7765947f-12b700af.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7765947f-12b700af.zip Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-de04413-637ec5a8.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-de04413-637ec5a8.zip Infected: Trojan.Java.ClassLoader.k C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60d4abfd-1650126d.zip/binny/binny.class Infected: Trojan.Java.Binny.a C:\Documents and Settings\JPardo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60d4abfd-1650126d.zip Infected: Trojan.Java.Binny.a C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.o C:\Program Files\Norton AntiVirus\Quarantine\19423500.tmp Infected: Trojan.Java.ClassLoader.ak C:\Program Files\Norton AntiVirus\Quarantine\30425E42.class Infected: Trojan.Java.ClassLoader.Dummy.d C:\Program Files\Norton AntiVirus\Quarantine\6A7A0042.tmp Infected: Trojan-Downloader.Java.OpenConnection.v C:\Program Files\Norton AntiVirus\Quarantine\6D4C069F.tmp Infected: Trojan.Java.ClassLoader.k C:\Program Files\Norton AntiVirus\Quarantine\6D4F309C.tmp Infected: Trojan.Java.Binny.a C:\Program Files\Norton AntiVirus\Quarantine\6D525A98.class Infected: Trojan.Java.ClassLoader.Dummy.d C:\Program Files\Norton AntiVirus\Quarantine\6D525A98.exe Infected: Trojan-Dropper.Win32.Small.hu C:\Program Files\Norton AntiVirus\Quarantine\6D525A98.tmp Infected: Trojan.Java.ClassLoader.z C:\Program Files\Norton AntiVirus\Quarantine\6D560494.exe Infected: Trojan-Downloader.Win32.Apropo.k C:\Program Files\Norton AntiVirus\Quarantine\6D560494.tmp Infected: Trojan-Downloader.Java.OpenStream.t C:\Program Files\Norton AntiVirus\Quarantine\73A31D80 Infected: Exploit.VBS.Phel.a C:\Program Files\Norton AntiVirus\Quarantine\760B3C41.tmp Infected: Trojan.Java.Binny.a C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0188274.exe Infected: Trojan-Downloader.Win32.IstBar.nj C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0188278.exe/Attach Infected: Trojan-Dropper.Win32.Agent.kd C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0188278.exe/Host Infected: Trojan-Downloader.Win32.Small.aqt C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0188278.exe Infected: Trojan-Downloader.Win32.Small.aqt C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0189690.dll Infected: not-a-virus:AdWare.Win32.EliteBar.bb C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0189711.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.am C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0189783.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\A0189816.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\A0189828.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP508\A0189863.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP508\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP508\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP508\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP508\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\A0189879.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\A0189933.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\A0190503.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\A0190504.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\snapshot\MFEX-1.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\snapshot\MFEX-2.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\snapshot\MFEX-53.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\snapshot\MFEX-9.DAT Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP511\A0190586.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP511\A0190587.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP512\A0190644.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP516\A0191773.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP517\A0191800.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP517\A0191850.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0192033.exe Infected: Trojan.Win32.StartPage.nk C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0192034.dll Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0192035.exe Infected: Trojan.Win32.EliteBar.h C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193484.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.m C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193489.exe Infected: Trojan.Win32.Dialer.q C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193490.exe Infected: Trojan.Win32.EliteBar.d C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193491.dll Infected: Trojan-Dropper.Win32.Agent.og C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193492.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0193493.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.m C:\WINDOWS\Downloaded Program Files\CONFLICT.1\604485.exe Infected: Trojan.Win32.Dialer.q C:\WINDOWS\Downloaded Program Files\CONFLICT.2\604485.exe Infected: Trojan.Win32.Dialer.q C:\WINDOWS\ounpck.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Webdir.a C:\WINDOWS\ounpck.exe/stream/data0002 Infected: Trojan-Downloader.Win32.IstBar.er C:\WINDOWS\ounpck.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er C:\WINDOWS\ounpck.exe Infected: Trojan-Downloader.Win32.IstBar.er Scan process completed.

Flrman1 View Member Profile	Jan 23 2006, 05:27 PM Post #13
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	* Go to Control Panel > Java. On the General tab under "Temporary Internet Files", click the "Delete Files" button to clear the Java cache. * * Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button then click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. * Open your Firefox browser. Click on Tools, then Options Select the Privacy icon in the left-hand panel Click on Cookies Click on Stored Cookies Click on the Remove All Cookies button * You have an old vulnerable version of Java installed. Go to Control Panel > Add/Remove programs and uninstall any Java Runtime Environment or J2SE Runtime Environment entries that are there. You may have more than one because the Java updates do not remove the old ones. Those can still be exploited even when the newest is installed. * Now go here and install the latest version of Java. * Double-click on Killbox.exe to run it. Put a tick by Delete on Reboot. Copy the following list of files to clipboard: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\604485.exe C:\WINDOWS\ounpck.exe Next in Killbox go to File > Paste from clipboard Click on the All Files button. Next click on the button that has the red circle with the white X in the middle. It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now. Click Yes and let the computer reboot. * After it reboots, go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan. When the scan is finished, anything that it cannot clean have it delete it. Post a new HiJackThis log and report back what the Housecall scan found.

pardo View Member Profile	Jan 24 2006, 02:12 PM Post #14
Member Posts: 10 OS: windos xp	i did the house call and an option came up to delete the files, i did. then nothing happened after. the screen was just idle. so i did that and here is the new hijack this. Logfile of HijackThis v1.99.1 Scan saved at 3:10:35 PM, on 1/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AIM\aim.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...438/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Flrman1 View Member Profile	Jan 24 2006, 06:02 PM Post #15
Malware Assassin Posts: 6,596 OS: XP Home, XP Pro, Vista	The log is clean. How is everything now?

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help removing aurora/nail.exe/poller.exe [RESOLVED]	10 / 1,258	2nd July 2005 - 10:17 AM galdenhart started - last by usetobe
Virus, Spyware and Trojan Removal Need Help Removing "DriveCleaner" from Registry	7 / 381	24th November 2006 - 10:26 PM mentor2k started - last by mentor2k
Virus, Spyware and Trojan Removal Need help removing "Win32:Spyware-gen" and "Win32:Homle	1 / 487	29th June 2008 - 01:16 PM ljohnson4541 started - last by ljohnson4541
Virus, Spyware and Trojan Removal Need help removing Troj/Virtum-Gen Virus [RESOLVED]	3 / 401	9th December 2008 - 10:38 PM bwelty started - last by fenzodahl512
Virus, Spyware and Trojan Removal Need help removing "Clickfraudmanager" [Solved] 12	21 / 1,163	3rd March 2009 - 12:47 AM rmcfly started - last by Jimmy2012