Difficult Trojan problems


#1
RichardG
I have run all the steps, every detail, of the Malware removal instructions, and I still have two trojans: Zlob.BPE and IFrame.P (or is it lFrame.P?).

Below are the log files of my SUPERAntiSpyware scan, my Panda ActiveScan, as well as the HijackThis scan and the uninstall list:

SUPERAntiSpyware Scan Log
Generated 05/11/2007 at 01:10 PM

Application Version : 3.6.1000

Core Rules Database Version : 3236
Trace Rules Database Version: 1247

Scan type : Complete Scan
Total Scan Time : 02:06:43

Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 5512
Registry threats detected : 26
File items scanned : 72550
File threats detected : 13

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}\Implemented Categories
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}\InprocServer32
HKCR\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKLM\Software\Classes\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}
HKCR\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}
HKCR\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}#xxx
HKCR\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}\InprocServer32
HKCR\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{31615D5C-5126-448A-818A-A7CDFEE85A9B}
HKU\S-1-5-21-854245398-2000478354-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{31615D5C-5126-448A-818A-A7CDFEE85A9B}
HKCR\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}
C:\Program Files\Video ActiveX Access\iesbunst.exe
C:\Program Files\Video ActiveX Access\iesunst.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access\imsunst.exe
C:\Program Files\Video ActiveX Access\ot.ico
C:\Program Files\Video ActiveX Access\ts.ico
C:\Program Files\Video ActiveX Access\uninst.exe
C:\Program Files\Video ActiveX Access

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}
HKCR\CLSID\{735E980D-45D2-4777-AF82-9923D3C8D3AE}
HKCR\CLSID\{735E980D-45D2-4777-AF82-9923D3C8D3AE}\InProcServer32
HKCR\CLSID\{735E980D-45D2-4777-AF82-9923D3C8D3AE}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\KGKDBSK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{735e980d-45d2-4777-af82-9923d3c8d3ae}

Registry Cleaner Trial
C:\Documents and Settings\Rich\Application Data\Registry Cleaner

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\RICH\FAVORITES\ONLINE SECURITY TEST.URL


Panda Active Scan logfile:

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.go.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Rich\Application Data\Mozilla\Firefox\Profiles\wahn3g8n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Rich\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\figf3hx1.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\figf3hx1.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\figf3hx1.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\figf3hx1.default\cookies.txt[.terra.com.br/]
Virus:Trj/Brospy.D Disinfected Personal Folders\Inbox\YOUR ACCOUNT LIMITED\PE-901-449-020.jpg.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\WINDOWS\Downloaded Program Files\WinadX.inf
Adware:Adware/SAHAgent Not disinfected C:\Documents and Settings\Rich\Desktop\Old Drive\WINDOWS\INF\biM.inf

Hijack this scan log:
Logfile of HijackThis v1.99.1
Scan saved at 11:14:04 AM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hphmon07.exe
C:\PROGRA~1\HEWLET~1\{C8EEA~1\pexpress\hphPED07.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb99.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [HPHUPD07] C:\Program Files\Hewlett-Packard\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe
O4 - HKLM\..\Run: [HPHmon07] C:\WINDOWS\system32\hphmon07.exe
O4 - HKLM\..\Run: [HPHped07] C:\PROGRA~1\HEWLET~1\{C8