Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

VX2.BetterInternet [CLOSED]


  • This topic is locked This topic is locked

#1
zakanealii

zakanealii

    Member

  • Member
  • PipPip
  • 20 posts
Hello. I seem to have another really nasty VX2 infection that I cannot get rid of. I have Spybot S&D, Spyblaster, AdAware, CWShredder, Window Washer, and my Norton Antivirus running, but it persists. Here's my HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 12:33:58 AM, on 5/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ERRORA~1\safeenc.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dent bolt] C:\PROGRA~1\ERRORA~1\safeenc.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E878E91-C171-4B26-BFDA-FA7FBD191E6A}: NameServer = 67.36.55.26 206.141.193.55


Where do I start? Thanks.

Zach
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
We'll need to see an Ad-aware log <_<
  • 0

#3
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ok. I'm not sure what's going on here. I have been dealing with this VX2 junk for at least a couple weeks. Every time I run Ad-aware, it says it can't remove the VX2 stuff(usually 2 or 3 entries). I have run and rebooted probably 25 times and always the same message.....until today. For whatever reason, it is now gone. However, I saved an Ad-aware log just before, so here it is:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, May 07, 2004 12:07:18 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R302 03.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my Hosts file


5-7-2004 12:07:18 AM - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-6-2004 3:48:15 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:48:17 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:48:17 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:48:17 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:48:18 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-6-2004 3:48:18 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/29/2002 11:00:00 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:48:19 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/29/2002 11:00:00 AM

#:8 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 12/4/2002 5:32:34 AM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 8/14/2002 11:29:26 PM

#:9 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 8/22/2002 7:11:34 PM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 9/19/2003 7:46:26 PM

#:10 [popupkiller.exe]
FilePath : C:\Program Files\PopUp Killer\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 1.09.0005
ProductVersion : 1.09.0005
CompanyName : xFX JumpStart
InternalName : PopUpKiller
OriginalFilename : PopUpKiller.exe
ProductName : PopUpKiller
Created on : 9/24/1999 3:32:00 PM
Last accessed : 5/7/2004 4:07:18 AM
Last modified : 4/30/2001 8:55:06 PM

#:11 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 2/27/2002 3:27:58 PM

#:12 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
Copyright : Copyright © 2001,2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 1/23/2002 3:20:16 PM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 3/23/2003 9:38:32 PM

#:13 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ThreadCreationTime : 5-6-2004 3:48:21 AM
BasePriority : Normal
FileSize : 360 KB
Created on : 6/30/2003 12:09:05 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 9/11/2002 1:26:26 AM

#:14 [safeenc.exe]
FilePath : C:\PROGRA~1\ERRORA~1\
ThreadCreationTime : 5-6-2004 3:48:22 AM
BasePriority : Normal
FileSize : 229 KB
Created on : 5/5/2004 9:45:24 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 5/5/2004 9:45:23 AM

#:15 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 5-6-2004 3:48:24 AM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 8/7/2001 11:06:54 PM

#:16 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:49:29 AM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 8/29/2002 11:00:00 AM

#:17 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 5-6-2004 3:49:29 AM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
Copyright : Copyright © Eastman Kodak Co. 2000-1
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 10/9/2001 7:15:42 PM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 10/9/2001 7:15:42 PM

#:18 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 5-6-2004 3:49:29 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 2/27/2002 3:29:26 PM

#:19 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 5-6-2004 3:49:30 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
Copyright : Copyright © 2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 8/19/2003 5:33:08 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 2/5/2002 10:03:00 AM

#:20 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-6-2004 3:49:30 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 10/6/2003 7:16:00 PM

#:21 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ThreadCreationTime : 5-6-2004 3:49:33 AM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 8/19/2003 5:33:13 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 1/30/2002 10:00:00 AM

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-6-2004 3:55:03 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 8/29/2002 11:00:00 AM

#:23 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-6-2004 3:55:04 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:19 AM
Last modified : 8/29/2002 11:00:00 AM

#:24 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:55:54 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:20 AM
Last modified : 8/29/2002 11:00:00 AM

#:25 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-6-2004 3:55:55 AM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/7/2004 4:07:20 AM
Last modified : 8/29/2002 11:00:00 AM

#:26 [wtoolsa.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5-6-2004 3:58:02 AM
BasePriority : Normal
FileSize : 429 KB
Created on : 5/6/2004 3:58:02 AM
Last accessed : 5/7/2004 4:07:20 AM
Last modified : 5/3/2004 12:41:40 PM

#:27 [wsup.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5-6-2004 3:58:03 AM
BasePriority : Normal
FileSize : 429 KB
Created on : 5/6/2004 3:58:03 AM
Last accessed : 5/7/2004 4:07:20 AM
Last modified : 5/3/2004 12:41:40 PM

#:28 [wtoolss.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5-6-2004 4:00:12 AM
BasePriority : Normal
FileSize : 75 KB
Created on : 5/6/2004 3:58:07 AM
Last accessed : 5/7/2004 3:18:35 AM
Last modified : 4/20/2004 12:01:14 PM

#:29 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 5-7-2004 3:48:23 AM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 7/2/2003 5:02:08 AM
Last accessed : 5/7/2004 3:48:23 AM
Last modified : 7/2/2003 5:02:08 AM

#:30 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-7-2004 4:06:44 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/13/2004 12:14:27 AM
Last accessed : 5/7/2004 4:06:44 AM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


VX2.BetterInternet Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 2
Objects found so far: 2


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 2


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
11 entries scanned.
New objects :0
Objects found so far: 2




Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian


Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 1
Objects found so far: 3


12:10:01 AM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:42:156
Objects scanned :56111
Objects identified :3
Objects ignored :0
New objects :3



Also, I have done very little surfing(no porn), but I keep getting all kinds of junk showing up in Ad-aware. Mostly it's various incarnations of VX2, but also a LOT of Virtumundo, allaboutsearching, zestyfind, some "camp" toolbar, and others. I can literally run Ad-aware, then reboot, and rerun Ad-aware and wa-la!, another large load of crap again. I can do this 20 times in a row, and still things keep coming up. There must be something still in my system that keeps throwing this crap out. :D

Thanks for your help <_<

Zach
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
That's unusual, I was looking for a cpy.dll file. Did you have the latest reference file installed?

Let's try this link first:
http://www.geekstogo...ction=show&id=2

Just download and run <_<
  • 0

#5
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello again. Because of all this, I have been checking for new Ad-aware reference files everyday. Reference file 01R303 08.05.2004 loaded. Spybot, Norton, Windows are also currently updated. I downloaded and ran Kill2me.exe as directed. I also ran CWShredder again. I then rebooted and here is the Ad-aware log that showed:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, May 08, 2004 7:20:03 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R303 08.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my Hosts file


5/8/2004 7:20:03 PM - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5/8/2004 11:08:01 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:03 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:03 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:10 PM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:03 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:10 PM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:04 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:10 PM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5/8/2004 11:08:04 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:10 PM
Last modified : 8/29/2002 11:00:00 AM

#:7 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:05 PM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:19:30 PM
Last modified : 8/29/2002 11:00:00 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:08:06 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:10 PM
Last modified : 8/29/2002 11:00:00 AM

#:9 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 12/4/2002 5:32:34 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 8/14/2002 11:29:26 PM

#:10 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 8/22/2002 7:11:34 PM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 9/19/2003 7:46:26 PM

#:11 [popupkiller.exe]
FilePath : C:\Program Files\PopUp Killer\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 1.09.0005
ProductVersion : 1.09.0005
CompanyName : xFX JumpStart
InternalName : PopUpKiller
OriginalFilename : PopUpKiller.exe
ProductName : PopUpKiller
Created on : 9/24/1999 3:32:00 PM
Last accessed : 5/8/2004 11:18:00 PM
Last modified : 4/30/2001 8:55:06 PM

#:12 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/8/2004 11:08:09 PM
Last modified : 2/27/2002 3:27:58 PM

#:13 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
Copyright : Copyright © 2001,2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 1/23/2002 3:20:16 PM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 3/23/2003 9:38:32 PM

#:14 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 360 KB
Created on : 6/30/2003 12:09:05 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 9/11/2002 1:26:26 AM

#:15 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 7/2/2003 5:02:08 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 7/2/2003 5:02:08 AM

#:16 [safeenc.exe]
FilePath : C:\PROGRA~1\ERRORA~1\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 229 KB
Created on : 5/5/2004 9:45:24 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 5/8/2004 4:51:57 AM

#:17 [wtoolsa.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5/8/2004 11:08:09 PM
BasePriority : Normal
FileSize : 429 KB
Created on : 5/6/2004 3:58:02 AM
Last accessed : 5/8/2004 11:10:33 PM
Last modified : 5/3/2004 12:41:40 PM

#:18 [washer.exe]
FilePath : C:\Program Files\Washer\
ThreadCreationTime : 5/8/2004 11:08:10 PM
BasePriority : Normal
FileSize : 2689 KB
FileVersion : 4.1.1.3
ProductVersion : 4.1
Copyright : Copyright 1998-2001 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Window Washer
Created on : 12/7/2002 7:29:40 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 9/5/2001 8:53:32 PM

#:19 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 5/8/2004 11:08:11 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 5/8/2004 11:20:04 PM
Last modified : 8/7/2001 11:06:54 PM

#:20 [nmain.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5/8/2004 11:08:30 PM
BasePriority : Normal
FileSize : 533 KB
FileVersion : 5.01.05
ProductVersion : 5.01.05
Copyright : Copyright © 1997-2001 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Integrator
InternalName : Norton Integrator
OriginalFilename : NMAIN.EXE
ProductName : Norton Integrator
Created on : 9/28/2003 9:45:50 PM
Last accessed : 5/8/2004 11:09:51 PM
Last modified : 12/6/2001 5:34:24 PM

#:21 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:09:14 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:11 PM
Last modified : 8/29/2002 11:00:00 AM

#:22 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 5/8/2004 11:09:14 PM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
Copyright : Copyright © Eastman Kodak Co. 2000-1
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 10/9/2001 7:15:42 PM
Last accessed : 5/8/2004 11:03:11 PM
Last modified : 10/9/2001 7:15:42 PM

#:23 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 5/8/2004 11:09:14 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/8/2004 11:03:11 PM
Last modified : 2/27/2002 3:29:26 PM

#:24 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 5/8/2004 11:09:15 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
Copyright : Copyright © 2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 8/19/2003 5:33:08 AM
Last accessed : 5/8/2004 11:03:11 PM
Last modified : 2/5/2002 10:03:00 AM

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5/8/2004 11:09:15 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 5/8/2004 11:03:12 PM
Last modified : 10/6/2003 7:16:00 PM

#:26 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ThreadCreationTime : 5/8/2004 11:09:18 PM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 8/19/2003 5:33:13 AM
Last accessed : 5/8/2004 11:03:12 PM
Last modified : 1/30/2002 10:00:00 AM

#:27 [wtoolss.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5/8/2004 11:09:19 PM
BasePriority : Normal
FileSize : 75 KB
Created on : 5/6/2004 3:58:07 AM
Last accessed : 5/8/2004 11:11:28 PM
Last modified : 4/20/2004 12:01:14 PM

#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5/8/2004 11:10:25 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/13/2004 12:14:27 AM
Last accessed : 5/8/2004 11:15:21 PM
Last modified : 7/13/2003 2:00:20 AM

#:29 [wsup.exe]
FilePath : C:\Program Files\Common files\WinTools\
ThreadCreationTime : 5/8/2004 11:11:27 PM
BasePriority : Normal
FileSize : 429 KB
Created on : 5/6/2004 3:58:03 AM
Last accessed : 5/8/2004 11:11:27 PM
Last modified : 5/3/2004 12:41:40 PM

#:30 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:15:42 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:12 PM
Last modified : 8/29/2002 11:00:00 AM

#:31 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5/8/2004 11:15:43 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:03:12 PM
Last modified : 8/29/2002 11:00:00 AM

#:32 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 5/8/2004 11:16:32 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:16:35 PM
Last modified : 8/29/2002 11:00:00 AM

#:33 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5/8/2004 11:19:43 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/8/2004 11:19:45 PM
Last modified : 8/29/2002 11:00:00 AM

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : BTIEINScriptConfigProj.BTIEINScriptConfig


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{26E8361F-BCE7-4F75-A347-98C88B418322}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{63B78BC1-A711-4D46-AD2F-C581AC420D41}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{26E8361F-BCE7-4F75-A347-98C88B418321}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Handler\tpro


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\BTIEIN


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\BTIEIN


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{63B78BC1-A711-4D46-AD2F-C581AC420D41}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbar.ResProtocol


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Typelib\{26E8361F-BCE7-4F75-A347-98C88B418328}


IBIS Toolbar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}


Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 17
Objects found so far: 17


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barallaboutsearching.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://allaboutsearc...searchbar.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://allaboutsearc...searchbar.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantallaboutsearching.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://allaboutsearc...searchbar.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://allaboutsearc...searchbar.html"


Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 2
Objects found so far: 19


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : File
Data : 2ndsrch.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/1/2004 10:54:45 AM
Last accessed : 5/8/2004 11:08:00 PM
Last modified : 5/1/2004 10:54:45 AM



VX2.BetterInternet Object recognized!
Type : File
Data : 2zdsrch.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/4/2004 9:51:33 PM
Last accessed : 5/8/2004 11:22:15 PM
Last modified : 5/1/2004 10:54:45 AM



VX2.BetterInternet Object recognized!
Type : File
Data : altiveds.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/2/2004 4:41:25 PM
Last accessed : 5/8/2004 11:22:15 PM
Last modified : 5/1/2004 10:54:45 AM



VX2.BetterInternet Object recognized!
Type : File
Data : amvpack.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/5/2004 4:30:36 AM
Last accessed : 5/8/2004 11:22:15 PM
Last modified : 5/1/2004 10:54:45 AM



VX2.BetterInternet Object recognized!
Type : File
Data : aotiveds.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/4/2004 4:02:46 AM
Last accessed : 5/8/2004 11:22:16 PM
Last modified : 5/1/2004 10:54:45 AM



VX2.BetterInternet Object recognized!
Type : File
Data : axsldp.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/6/2004 3:48:20 AM
Last accessed : 5/8/2004 11:22:16 PM
Last modified : 5/1/2004 10:54:45 AM



IBIS Toolbar Object recognized!
Type : File
Data : btiein.dll
Object : C:\WINDOWS\System32\
FileSize : 201 KB
Created on : 5/8/2004 11:17:40 PM
Last accessed : 5/8/2004 11:17:40 PM
Last modified : 5/8/2004 11:17:40 PM




Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
11 entries scanned.
New objects :0
Objects found so far: 26




Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Toolbar


IBIS Toolbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Toolbar


IBIS Toolbar Object recognized!
Type : Folder
Object : c:\program files\Toolbar


IBIS Toolbar Object recognized!
Type : File
Data : cursors
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/8/2004 11:17:45 PM



IBIS Toolbar Object recognized!
Type : File
Data : iexploreskins.exe
Object : c:\program files\toolbar\
FileSize : 6 KB
Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:54 PM
Last modified : 3/19/2004 8:21:54 AM



IBIS Toolbar Object recognized!
Type : File
Data : rw.wzg
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:53 PM
Last accessed : 5/8/2004 11:17:59 PM
Last modified : 5/8/2004 11:17:59 PM



IBIS Toolbar Object recognized!
Type : File
Data : skins
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:56 PM
Last modified : 5/8/2004 11:17:55 PM



IBIS Toolbar Object recognized!
Type : File
Data : temp
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:54 PM
Last accessed : 5/8/2004 11:17:54 PM
Last modified : 5/8/2004 11:17:54 PM



IBIS Toolbar Object recognized!
Type : File
Data : toolbar.dll
Object : c:\program files\toolbar\
FileSize : 617 KB
Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/6/2004 2:01:30 PM



IBIS Toolbar Object recognized!
Type : File
Data : xlmurin.wzg
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:48 PM
Last accessed : 5/8/2004 11:19:46 PM
Last modified : 5/8/2004 11:19:46 PM



IBIS Toolbar Object recognized!
Type : File
Data : xzxsv.wzg
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:53 PM
Last accessed : 5/8/2004 11:17:59 PM
Last modified : 5/8/2004 11:17:59 PM



IBIS Toolbar Object recognized!
Type : File
Data : yildhvi.olt
Object : c:\program files\toolbar\

Created on : 5/8/2004 11:17:56 PM
Last accessed : 5/8/2004 11:18:02 PM
Last modified : 5/8/2004 11:18:02 PM



IBIS Toolbar Object recognized!
Type : File
Data : frequently asked questions.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/8/2004 11:17:45 PM



IBIS Toolbar Object recognized!
Type : File
Data : home.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/8/2004 11:17:45 PM



IBIS Toolbar Object recognized!
Type : File
Data : privacy policy.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/8/2004 11:17:45 PM



IBIS Toolbar Object recognized!
Type : File
Data : terms of use.url
Object : c:\documents and settings\all users\start menu\programs\web search tools\

Created on : 5/8/2004 11:17:45 PM
Last accessed : 5/8/2004 11:17:45 PM
Last modified : 5/8/2004 11:17:45 PM



Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 18
Objects found so far: 44


7:22:55 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:51:562
Objects scanned :56478
Objects identified :44
Objects ignored :0
New objects :44


This then initiates another round of browser/homepage hijacking, pop up ads, and total rearranging of my favorites, along with addition of about 30 new ones. Also, it shuts off Norton Antivirus and blocks me from opening any Norton Program. So I reran Ad-aware and cleared everything out. This works temporarily, but if the computer is idle for any length of time, nothing works and I have to reboot and do all this again.

It is truly sad that there are people out there who actually write this kind of crap on purpose. I am thankful for this website and people here who are so willing to help. Thank you.

Zach
  • 0

#6
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Can someone check out my latest log and help me figure this out? Thanks.

Zach
  • 0

#7
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ERRORA~1\safeenc.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Dent bolt] C:\PROGRA~1\ERRORA~1\safeenc.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E878E91-C171-4B26-BFDA-FA7FBD191E6A}: NameServer = 67.36.55.26 206.141.193.55

Be sure you're able to view hidden files, and remove the following files if found:
C:\Program Files\BroadJump <- this folder
C:\PROGRAM FILES\ERRORA... <- this folder (name abbreviated)
C:\Program Files\Common files\WinTools\ <- this folder

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log. <_<
  • 0

#8
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ok. I did as directed, except for this:

C:\Program Files\BroadJump <- this folder

I know this contains the programming for my DSL connection. Should I still remove it? Removing everything else seemed to help. Things run much faster, and Ad-aware does not detect anything. However, I have two concerns. First, when I rebooted, something was totally disabling my Norton Antivirus protection(All Norton programs actually). I'm not sure if this is normal for Windows or not. It lasted well beyond completion of the reboot. Second, when I opened a browser window, my homepage was reset to www.msn.com. I suppose this may be a windows default? However, my pop up blocker nailed several other browser windows opened to http://69.20.62.53/yyy7.html, zestyfind.com, and http://65.61.157.153...urbo/Adm/ad.htm among others. I don't know if these are simple pop ups from the net, but my homepage was www.alltheweb.com and I never saw popups there before. Zestyfind.com always seemed to be tied to the other garbage I dealt with, so I am suspiscious that something is still lurking on my computer. Here's the new log:

Logfile of HijackThis v1.97.7
Scan saved at 11:15:20 PM, on 5/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots....SDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E878E91-C171-4B26-BFDA-FA7FBD191E6A}: NameServer = 67.36.55.26 206.141.193.55


Thanks again.

Zach
  • 0

#9
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
RE: C:\Program Files\BroadJump

Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.


my homepage was reset to www.msn.com. I suppose this may be a windows default?

Correct, you can change it to whatever you want.

However, my pop up blocker nailed several other browser windows opened

We still have a couple of things to fix.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E878E91-C171-4B26-BFDA-FA7FBD191E6A}: NameServer = 67.36.55.26 206.141.193.55

First, when I rebooted, something was totally disabling my Norton Antivirus protection(All Norton programs actually). I'm not sure if this is normal for Windows or not. It lasted well beyond completion of the reboot

You may want to try removing NAV from add/remove programs, and then reinstall it. <_<
  • 0

#10
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I removed the Broadjump folder completely, plus the other items you suggested, except for this one:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E878E91-C171-4B26-BFDA-FA7FBD191E6A}: NameServer = 67.36.55.26 206.141.193.55

It did not appear in the log, so I could not remove it. I assume that's a good thing.

So it appears to be all gone now! <_< Yay!

Thanks guys!

Zach
  • 0

Advertisements


#11
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
<_< Arrrrrgh! VX2 is back! Again. I just cannot get rid of this. I have updated to the lasted build of Ad-aware, I reran Kill2me.exe, Spybot S&D, Windows update, Spyblaster, CWShredder, and NAV(Liveupdate is current). I rebooted in safe mode and ran HJT, but nothing out of the ordinary, except of course another browser hijacking. What else can I do? Thanks.

Zach

Here's the latest Ad-Aware log:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Thursday, May 20, 2004 2:42:21 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R306 19.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my Hosts file


5-20-2004 2:42:21 AM - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-20-2004 6:40:36 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:37 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:37 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:33 AM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:37 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:33 AM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:33 AM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-20-2004 6:40:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:33 AM
Last modified : 8/29/2002 11:00:00 AM

#:7 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:40 AM
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 6:40:43 AM
Last modified : 8/29/2002 11:00:00 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:40:40 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:33 AM
Last modified : 8/29/2002 11:00:00 AM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-20-2004 6:40:43 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 6:23:53 AM
Last modified : 8/29/2002 11:00:00 AM

#:10 [popupkiller.exe]
FilePath : C:\Program Files\PopUp Killer\
ThreadCreationTime : 5-20-2004 6:40:44 AM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 1.09.0005
ProductVersion : 1.09.0005
CompanyName : xFX JumpStart
InternalName : PopUpKiller
OriginalFilename : PopUpKiller.exe
ProductName : PopUpKiller
Created on : 9/24/1999 3:32:00 PM
Last accessed : 5/20/2004 6:40:35 AM
Last modified : 4/30/2001 8:55:06 PM

#:11 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ThreadCreationTime : 5-20-2004 6:40:44 AM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/20/2004 6:40:44 AM
Last modified : 2/27/2002 3:27:58 PM

#:12 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 5-20-2004 6:40:44 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
Copyright : Copyright © 2001,2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 1/23/2002 3:20:16 PM
Last accessed : 5/20/2004 6:40:35 AM
Last modified : 3/23/2003 9:38:32 PM

#:13 [washer.exe]
FilePath : C:\Program Files\Washer\
ThreadCreationTime : 5-20-2004 6:40:44 AM
BasePriority : Normal
FileSize : 2689 KB
FileVersion : 4.1.1.3
ProductVersion : 4.1
Copyright : Copyright 1998-2001 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Window Washer
Created on : 12/7/2002 7:29:40 AM
Last accessed : 5/20/2004 6:40:35 AM
Last modified : 9/5/2001 8:53:32 PM

#:14 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 5-20-2004 6:40:45 AM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 5/20/2004 6:40:45 AM
Last modified : 8/7/2001 11:06:54 PM

#:15 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-20-2004 6:41:47 AM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/20/2004 5:52:34 AM
Last modified : 8/29/2002 11:00:00 AM

#:16 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 5-20-2004 6:41:47 AM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
Copyright : Copyright © Eastman Kodak Co. 2000-1
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 10/9/2001 7:15:42 PM
Last accessed : 5/20/2004 5:52:34 AM
Last modified : 10/9/2001 7:15:42 PM

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 5-20-2004 6:41:47 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/20/2004 5:47:48 AM
Last modified : 2/27/2002 3:29:26 PM

#:18 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 5-20-2004 6:41:50 AM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
Copyright : Copyright © 2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 8/19/2003 5:33:08 AM
Last accessed : 5/20/2004 5:52:34 AM
Last modified : 2/5/2002 10:03:00 AM

#:19 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-20-2004 6:41:50 AM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 5/20/2004 5:52:34 AM
Last modified : 10/6/2003 7:16:00 PM

#:20 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ThreadCreationTime : 5-20-2004 6:41:51 AM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 8/19/2003 5:33:13 AM
Last accessed : 5/20/2004 5:52:34 AM
Last modified : 1/30/2002 10:00:00 AM

#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-20-2004 6:42:12 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/13/2004 12:14:27 AM
Last accessed : 5/20/2004 6:42:12 AM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2.BetterInternet Object recognized!
Type : File
Data : 6fo4svc.dll
Object : C:\WINDOWS\System32\
FileSize : 309 KB
Created on : 5/20/2004 6:40:40 AM
Last accessed : 5/20/2004 6:40:40 AM
Last modified : 5/6/2004 3:55:00 AM




Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
11 entries scanned.
New objects :0
Objects found so far: 1




Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 1


2:45:05 AM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:43:125
Objects scanned :56450
Objects identified :1
Objects ignored :0
New objects :1
  • 0

#12
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Try this uninstaller: http://www.look2me.c...bin/UnInstaller

If that doesn't work there are some lengthy manual removal instructions we can give you. <_<
  • 0

#13
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Interestingly enough, something will not allow me to download this program. I just got a message that says my settings will not allow it. I went in and reduced the security and privacy settings to low, and turned Spyblaster protection off, but it still won't let me dowload. If this program is Kill2me.exe, I already have it, have run it, and still the problems persist. Is this the same program? Is so, what's next?

Thanks.

Zach
  • 0

#14
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
It's been added as a restricted site, which is good <_< Try downloading from the link below:
http://www.geekstogo...=download&id=16
  • 0

#15
zakanealii

zakanealii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

VirtuaNews Message
You do not have permission to do this action. If you think you should do, please contact the webmaster


The link to the webmaster won't work for me either. <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP