Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
 
 Closed TopicStart new topic
Need help to remove Aurora virus [RESOLVED]
msblondegecko
post Aug 2 2005, 10:50 AM
Post #1


New Member
*
Posts: 4
OS: XP
Please help me...I have been living with this nasty Aurora virus for awhile now and have had no luck in getting rid of it. However, I found your site last night and have been following the instructions on the "Malware removal - read this before posting a Hijackthis log" page. I have run:
- Cleanup
- Ad-Aware SE
- CW Shredder
- Spybot S&D
- Ewido Security Suite
- Trend Housecall
- Windows Update (sp1)
* rebooted
- Hijack This

And now here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:04 AM, on 8/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: SymmTime.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123000157357
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58ACBD9C-6AD0-4DE5-B9C7-D6449F53FFFE}: NameServer = 151.164.1.8,151.164.30.105
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
msblondegecko
post Aug 2 2005, 10:53 AM
Post #2


New Member
*
Posts: 4
OS: XP
Also, here is the scan report from Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:32:54 AM, 8/2/2005
+ Report-Checksum: EDB33BF0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{D6964FD8-3AF1-4A2A-ABB7-3D0C62924FD6} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6964FD8-3AF1-4A2A-ABB7-3D0C62924FD6} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
[1076] C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.13:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.21:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.37:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.38:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.63:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.64:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.65:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.72:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.80:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.84:C:\Documents and Settings\dwscls\Application Data\Mozilla\Profiles\default\kg6juv1u.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Cleaned with backup
C:\RECYCLER\S-1-5-21-97400744-1653462319-1608279117-1007\Dc10.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\RECYCLER\S-1-5-21-97400744-1653462319-1608279117-1007\Dc19.dll -> Spyware.Adstart : Cleaned with backup
C:\RECYCLER\S-1-5-21-97400744-1653462319-1608279117-1007\Dc5.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\iyhukfvkno.exe -> Adware.BetterInternet : Cleaned with backup
:mozilla.6:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.13:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.16:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.17:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.18:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.23:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.24:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.25:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.26:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.27:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.28:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
-> : Error during cleaning
:mozilla.36:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.38:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.39:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.40:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.41:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.43:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.44:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.56:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.58:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.81:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.82:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.83:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.84:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.88:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.89:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.95:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.102:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.103:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.104:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.105:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.110:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.111:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.112:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.113:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.114:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.115:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.126:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.135:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.137:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.138:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.141:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.180:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.181:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.182:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.183:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.184:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.185:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.186:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.187:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.189:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.190:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.197:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.198:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.199:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.205:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
-> : Error during cleaning
:mozilla.207:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.212:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.213:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.232:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.235:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.236:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\lwaxnsog.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.fantasy.net.19249.fb.dbbsrv[2].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bundleradlogix.exe -> Trojan.Istall.b : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\WINDOWS\tpdmoc.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
Go to the top of the page
 
+Quote Post
Justin
post Aug 3 2005, 11:49 AM
Post #3


I do a little bit of everything
Group Icon
Posts: 2,350
From: Tucson, AZ
OS: Windows Vista Business - RTM
Hello, welcome to the GeekstoGo Forums!

My name is Justin, and I will be helping you clean up your system. Lets get started!

Please print out or copy this page to Notepad . Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix.
  • Download DSRFIX from HERE onto your Desktop.
    • Unzip and EXTRACT the files to your Desktop.
    • The program creates and names the new folder to house the files.
    • DO NOT RUN IT YET
  • Download Cleanup from Here (Alternate site if the above is not working Go Here)
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET
  • CLOSE INTERNET EXPLORER, if it is open


  • Open the folder dsrfix
    • Double click on the dsrfix batch file( the one with the little gear in it )
    • Once dsrfix has completed it will close on its own
  • Run Cleanup
    • Click on the "Cleanup" button and let it run.
    • Once its done, close the program.
  • REBOOT your system.


  • Please restart HJT and post back a fresh HJT log for review.
Go to the top of the page
 
+Quote Post
msblondegecko
post Aug 3 2005, 12:12 PM
Post #4


New Member
*
Posts: 4
OS: XP
Did what you asked. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:49 PM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: SymmTime.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123000157357
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58ACBD9C-6AD0-4DE5-B9C7-D6449F53FFFE}: NameServer = 151.164.1.8,151.164.30.105
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Justin
post Aug 3 2005, 12:15 PM
Post #5


I do a little bit of everything
Group Icon
Posts: 2,350
From: Tucson, AZ
OS: Windows Vista Business - RTM
Hello!

Please reopen HiJackThis and scan your computer. Please place a check mark next to the following entries. Be sure to select only the entries that are listed below, as deleting the wrong file could cause harm to your system.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)


Next, please close all programs except for HiJackThis, and select Fix Checked.
Reboot your computer

Then post a new HiJackThis log, and tell me how the computer is running. thumbsup.gif
Go to the top of the page
 
+Quote Post
msblondegecko
post Aug 3 2005, 12:26 PM
Post #6


New Member
*
Posts: 4
OS: XP
Justin, I think you fixed it! I am not getting Aurora popups anymore. wub.gif

Logfile of HijackThis v1.99.1
Scan saved at 1:23:21 PM, on 8/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: SymmTime.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123000157357
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58ACBD9C-6AD0-4DE5-B9C7-D6449F53FFFE}: NameServer = 151.164.1.8,151.164.30.105
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go to the top of the page
 
+Quote Post
Justin
post Aug 3 2005, 02:09 PM
Post #7


I do a little bit of everything
Group Icon
Posts: 2,350
From: Tucson, AZ
OS: Windows Vista Business - RTM
Hello!

Your log is clean!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
Go to the top of the page
 
+Quote Post
Justin
post Aug 21 2005, 10:13 PM
Post #8


I do a little bit of everything
Group Icon
Posts: 2,350
From: Tucson, AZ
OS: Windows Vista Business - RTM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Collapse

> Similar Topics

    Topic Title Replies / Views Topic Information
No New Posts   1 / 690 15th February 2005 - 02:39 PM
Kevened started - last by Kevened
No New Posts   7 / 11,386 20th December 2005 - 08:49 PM
Gadget02 started - last by greyknight17
No New Posts   6 / 1,313 1st April 2006 - 08:28 PM
Spinplasm started - last by Kat
No New Posts   2 / 510 1st December 2008 - 03:03 AM
Brent 386 started - last by Octagonal

RSS Time is now: 21st November 2009 - 06:28 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising
Powered By IP.Board © 2009  IPS, Inc.