Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I am screwed

Started by LangTaoTx028 , Nov 16 2006 02:34 AM

Please log in to reply

#1
LangTaoTx028

Posted 16 November 2006 - 02:34 AM

New Member

Member
5 posts

Hi I've been having trouble with Limewire booting up without me doing anything and i know the preferences are correct but it does it anyway. Somehow my antispyware didnt detect whatever it is i have thats causing this so i thought i'd post a log in the hopes that someone would be kind enough to take a look at it and give me any suggestions. Thanks a lot!

Logfile of HijackThis v1.99.1
Scan saved at 2:23:13 AM, on 11/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\wkssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\limewire\limewire.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\24.tmp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [WorkFlow] E:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxuk172DFUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4..../svcia32_EN.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O20 - AppInit_DLLs: c:\winnt\system32\win_k71.dll logonui.dll C:\WINNT\system32\nopdb.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: wksmss (WKS System Service) - Unknown owner - C:\WINNT\wkssvc.exe

#2
sari

Posted 16 November 2006 - 10:13 AM

GeekU Admin

Community Leader
21,806 posts

LangTaoTx028,

Hi, and welcome to Geeks to Go. We have a few things we need to do here.

Antvirus and Firewall

I don't see an anti-virus program on your PC, nor do I see a firewall. If you don't have one of those installed before we start cleaning, it will be a waste of time.

I recommend one of the following antivirus programs:

AVG Free
Avast

For a firewall, try this one: ZoneLabs.

P2P Programs

P2P Security Risks (with thanks to CrustyOldBloke)

P2P (peer-to-peer) file-sharing is a very popular and easy way for users to share music, movies, videos, and other files over the Internet. However, using P2P software is very risky, because it makes you very susceptible to infection, attack, exposure of personal or company information, and even copyright infringement issues

Installation Of Malware
If you use P2P applications, it is difficult, if not impossible, to verify that the sources of the shared files are safe. P2P applications are often used by attackers to transmit malware (malicious software). The files may contain spyware, viruses, Trojan horses, or worms. When you download the files, your computer can become infected. Currently, experts have estimated that over 70% of the programmes shared on P2P networks contain some sort of malware.

Exposure Of Sensitive Information
When using P2P applications, you may unknowingly give other users access to personal or sensitive information that is stored on your computer. People may be able to access your financial or medical data, personal documents, sensitive corporate information, or other private information. If your computer contains other people's or companies' information, you may even become legally liable if their information gets released in this way.

Vulnerability To Unwanted Attacks
Many P2P applications require you to open specific ports on your firewall to send and receive the shared files through. However, by opening those ports, you may give attackers access to the information on your computer or enable them to attack your computer by taking advantage of any security vulnerabilities that may exist.

Self-Induced Denial Of Service
Downloading files with these applications causes a significant amount of traffic over your internet connection; it also relies on certain processes to happen on your computer. This activity may adversely limit or even block your access to the Internet while you are running these types of programmes.

Prosecution Due To Copyright Infringement
Downloading or sharing copyrighted software, music or videos is illegal. If you download them, even unknowingly, you may be faced with fines or other legal actions.

Conclusion
This article lists only a few of the risks that P2P programmes can open you up to. I urge you to strongly consider not using these types of programmes. If you still choose to use them, research what the best security settings are for the P2P programme you choose using your favourite search engine, use a very good firewall, run daily scans of your system with your antivirus and antispyware applications, constantly monitor the activity and file content in the shared directories to help ensure you don't violate any laws or expose your own data here.

Based on the above, I strongly recommend you uninstall Limewire, as it is most likely a contributor to your infections.

Newdotnet

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

AVG Anti-Spyware Scan
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Online Anti-virus scan
Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
If it wants to install an ActiveX component allow it
Select either Home User or Company
Click the big Scan Now button
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please include the following in your reply:

AVG Anti-spyware report
Activescan report
New hijackthis log,

Thanks,

sari

#3
LangTaoTx028

Posted 16 November 2006 - 06:58 PM

New Member

Topic Starter
Member
5 posts

HI again and thanks for helping out. Here are the scan reports you asked for:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:17:02 PM 11/16/2006

+ Scan result:

C:\WINNT\wkssvc.exe -> Backdoor.SdBot.aad : No action taken.

::Report end

ACTIVESCAN:

Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\docume~1\johnno~1\applic~1\asembl~1\notepad.exe
Spyware:Spyware/New.net Not disinfected C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Spyware:Spyware/New.net Not disinfected C:\Program Files\NewDotNet\newdotnet7_22.dll
Adware:Adware/PurityScan Not disinfected C:\WINNT\system32\nopdb.dll
Spyware:spyware/new.net Not disinfected c:\program files\newdotnet\newdotnet7_22.dll
Potentially unwanted tool:application/funweb Not disinfected c:\winnt\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:spyware/media-motor Not disinfected c:\winnt\unstall.exe
Spyware:spyware/adclicker Not disinfected c:\winnt\usta33.ini
Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Spyware:spyware/apropos Not disinfected c:\program files\AutoUpdate
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Potentially unwanted tool:application/regclean32 Not disinfected c:\program files\RegClean32
Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users.winnt\application data\vidctrl
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Spyware:spyware/linkreplacer Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Spyware:spyware/shopnav Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:Adware/WinAD Not disinfected C:\clearlogs.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\John Noriega\Application Data\a?sembly\notepad.exe
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.com.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.serving-sys.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Worker.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atwola[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@com[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\E2D28.tmp
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\F4F85.tmp[LMSetup.exe]
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temporary Internet Files\Content.IE5\EISTLG5F\installdrivecleanerstart[1].exe
Potentially unwanted tool:Application/RegClean32 Not disinfected C:\Documents and Settings\John Noriega\My Documents\Install.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.cab
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.inf
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.cab
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.inf
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down.cab[btiein.dll]
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down_.cab[btiein.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down__.cab
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\temp.cab
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI2E26.tmp\polall1r.cab
Adware:Adware/404Search Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI36F6.tmp\gsim.cab[gsim.dll]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][SearchUpgrader.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][system.cfg]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IF_Remover.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IncFindBHO180.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131326_616_1876_820_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131330_1760_1852_564_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131460_1632_1792_2044_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131520_1632_1792_1856_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131582_1100_1924_1896_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65752_424_1924_2080_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65862_124_1924_2100_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65916_1100_1924_1876_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65968_1760_1852_2140_62.41.tmp1
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cas1fix.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappmf.dll]
Adware:Adware/Cmap Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappclient.exe]
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\installer4_thin.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\MediaGateway2
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\auto_update[1]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\banner[1].cab[banner.inf]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\ceres[1].cab
Hacktool:Exploit/Mhtredir.BS Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\counter[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[4].htm
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\upd209[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[3

#4
LangTaoTx028

Posted 16 November 2006 - 07:03 PM

New Member

Topic Starter
Member
5 posts

Sorry, but it seems i had so much crud from the active scan it wouldnt fit! anyway, here is the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 7:05:06 PM, on 11/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\24.tmp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [WorkFlow] E:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxuk172DFUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4..../svcia32_EN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O20 - AppInit_DLLs: c:\winnt\system32\win_k71.dll logonui.dll C:\WINNT\system32\nopdb.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: wksmss (WKS System Service) - Unknown owner - C:\WINNT\wkssvc.exe

#5
sari

Posted 17 November 2006 - 02:56 PM

GeekU Admin

Community Leader
21,806 posts

Could you verify that there are no other lines in the Activescan log after this one:

Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[3

That one definitely got cut off - I want to make sure nothing else was missed.

Thanks :whistling:

#6
LangTaoTx028

Posted 17 November 2006 - 09:57 PM

New Member

Topic Starter
Member
5 posts

Sorry heres the active scan again.

Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\docume~1\johnno~1\applic~1\asembl~1\notepad.exe
Spyware:Spyware/New.net Not disinfected C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Spyware:Spyware/New.net Not disinfected C:\Program Files\NewDotNet\newdotnet7_22.dll
Adware:Adware/PurityScan Not disinfected C:\WINNT\system32\nopdb.dll
Spyware:spyware/new.net Not disinfected c:\program files\newdotnet\newdotnet7_22.dll
Potentially unwanted tool:application/funweb Not disinfected c:\winnt\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:spyware/media-motor Not disinfected c:\winnt\unstall.exe
Spyware:spyware/adclicker Not disinfected c:\winnt\usta33.ini
Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Spyware:spyware/apropos Not disinfected c:\program files\AutoUpdate
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Potentially unwanted tool:application/regclean32 Not disinfected c:\program files\RegClean32
Adware:adware/delfinmedia Not disinfected c:\documents and settings\all users.winnt\application data\vidctrl
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Spyware:spyware/linkreplacer Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Spyware:spyware/shopnav Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:Adware/WinAD Not disinfected C:\clearlogs.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\John Noriega\Application Data\a?sembly\notepad.exe
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.com.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Noriega\Application Data\Mozilla\Firefox\Profiles\gl4g33co.default\cookies.txt[.serving-sys.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-562746ae-316a2f6e.zip[Worker.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-1bde2f45-4fd7c450.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\John Noriega\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-4205aa6d.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@com[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atwola[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@com[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\E2D28.tmp
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\F4F85.tmp[LMSetup.exe]
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temporary Internet Files\Content.IE5\EISTLG5F\installdrivecleanerstart[1].exe
Potentially unwanted tool:Application/RegClean32 Not disinfected C:\Documents and Settings\John Noriega\My Documents\Install.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.cab
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.inf
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.cab
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.inf
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down.cab[btiein.dll]
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down_.cab[btiein.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down__.cab
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\temp.cab
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI2E26.tmp\polall1r.cab
Adware:Adware/404Search Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI36F6.tmp\gsim.cab[gsim.dll]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][SearchUpgrader.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][system.cfg]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IF_Remover.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IncFindBHO180.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131326_616_1876_820_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131330_1760_1852_564_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131460_1632_1792_2044_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131520_1632_1792_1856_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131582_1100_1924_1896_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65752_424_1924_2080_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65862_124_1924_2100_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65916_1100_1924_1876_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65968_1760_1852_2140_62.41.tmp1
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cas1fix.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappmf.dll]
Adware:Adware/Cmap Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappclient.exe]
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\installer4_thin.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\MediaGateway2
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\auto_update[1]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\banner[1].cab[banner.inf]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\ceres[1].cab
Hacktool:Exploit/Mhtredir.BS Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\counter[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[4].htm
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\upd209[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[3].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[5].htm

#7
LangTaoTx028

Posted 17 November 2006 - 10:01 PM

New Member

Topic Starter
Member
5 posts

sorry again but its not letting me post it all so this should be the rest of it.

Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john noriega@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\John Noriega\Cookies\john [email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@atwola[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@com[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@serving-sys[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john noriega@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\Cookies\john [email protected][1].txt
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\E2D28.tmp
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temp\F4F85.tmp[LMSetup.exe]
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Documents and Settings\John Noriega\Local Settings\Temporary Internet Files\Content.IE5\EISTLG5F\installdrivecleanerstart[1].exe
Potentially unwanted tool:Application/RegClean32 Not disinfected C:\Documents and Settings\John Noriega\My Documents\Install.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.cab
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\bi6.inf
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.cab
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\biini.inf
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down.cab[btiein.dll]
Adware:Adware/Qdown Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down_.cab[btiein.dll]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\down__.cab
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\temp.cab
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI2E26.tmp\polall1r.cab
Adware:Adware/404Search Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\THI36F6.tmp\gsim.cab[gsim.dll]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][SearchUpgrader.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[SearchUpgraderInstall_107.exe][system.cfg]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IF_Remover.exe]
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\noriegjp\Local Settings\Temp\UpdatedUpdaterInstall.exe[IncFindBHO180.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131326_616_1876_820_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131330_1760_1852_564_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131460_1632_1792_2044_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131520_1632_1792_1856_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\131582_1100_1924_1896_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65752_424_1924_2080_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65862_124_1924_2100_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65916_1100_1924_1876_62.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\65968_1760_1852_2140_62.41.tmp1
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\AutoUpdate0\setup.inf
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cas1fix.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappmf.dll]
Adware:Adware/Cmap Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\cmappsetup.exe[cmappclient.exe]
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\installer4_thin.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\MediaGateway2
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temp\tsupdate_4_0_3_9_b2.exe
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\auto_update[1]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\banner[1].cab[banner.inf]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\ceres[1].cab
Hacktool:Exploit/Mhtredir.BS Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\counter[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\dating[1].bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[1].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[2].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\marketing32[4].htm
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\upd209[1].exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[3].htm
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\vfb4399\Local Settings\Temporary Internet Files\Content.IE5\409S2X1A\webservice[5].htm

#8
sari

Posted 21 November 2006 - 02:53 PM

GeekU Admin

Community Leader
21,806 posts

LangTaotx28,

We have a few steps to follow. You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Check for Apropos rootkit:

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode.

Clean Temporary files:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Stop/Delete a Service:

Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

wksmss (WKS System Service)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

(WKS System Service)

Click OK. It should pull up information about the service, then ask if you want to reboot. Click YES.

Additional Clean Up with Hijackthis:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\24.tmp
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxuk172DFUS
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: wksmss (WKS System Service) - Unknown owner - C:\WINNT\wkssvc.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

MyWebSearch

Please note any other programs that you dont recognize in that list in your next response

Show Hidden Files and Folders:

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Please delete these folders using Windows Explorer(if present):

C:\Documents and Settings\John Noriega\Application Data\a?sembly <-- This will look like Assembly, just delete that folder
C:\Program Files\NewDotNet
c:\program files\common files\WinSoftware
c:\program files\AutoUpdate
c:\program files\MyWebSearch
c:\program files\RegClean32

Please delete these files using Windows Explorer(if present):

c:\winnt\system32\win_k71.dll
C:\WINNT\system32\nopdb.dll
c:\winnt\downloaded program files\f3initialsetup1.0.0.15.inf
c:\winnt\unstall.exe
c:\winnt\usta33.ini
c:\documents and settings\all users.winnt\application data\vidctrl
C:\clearlogs.exe
C:\Documents and Settings\John Noriega\My Documents\Install.exe

After that, Reboot.

Post a new HiJackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Thanks,

sari