Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Popups and IE quits unexpectedly

Started by boopity , Jun 01 2005 12:00 PM

  • Please log in to reply

#1
boopity
Posted 01 June 2005 - 12:00 PM

boopity

    New Member

  • Member
  • Pip
  • 7 posts
I have just recently begun to get Aurora and other popups. I noticed that a Party Poker icon has been showing up on my desktop and will not go away. Also, when I am browsing the internet my Internet Explorer will just close for no reason. Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:43 AM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
D:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Winamp\winampa.exe
c:\windows\system32\bfunvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dbsst.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kbxw] C:\WINDOWS\System32\kbxw.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\default\LOCALS~1\Temp\cetec.reg
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117607556471
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Distributed Folding Project Service (FoldtrajliteService) - Unknown owner - D:\distribfold-current-win9x\distribfold\foldtrajlite.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Thank you for your time.
  • 0

Advertisements

#2
Metallica
Posted 07 June 2005 - 03:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also

Disable Spybot's teatimer for as long as it takes to clean you out. By guarding your settings it would just hinder us.

Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2sea...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dbsst.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [kbxw] C:\WINDOWS\System32\kbxw.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\default\LOCALS~1\Temp\cetec.reg

O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Regards,
  • 0

#3
boopity
Posted 08 June 2005 - 12:58 AM

boopity

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I don't know why, but Ewido Security Suite wouldn't work for me. First it told me there was an error and that I should reinstall it, so I did. Then it told me database couldn't be found and to update it, so it brought me to a window that showed me my status and it had a button for me to click on to update. I clicked on it and nothing happened. I don't know what I'm doing wrong. :tazz:
  • 0

#4
Metallica
Posted 08 June 2005 - 01:55 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Then download TDS-3 from http://tds.diamondcs...p?page=download
and update it following the instructions here:
http://tds.diamondcs...php?page=update
Then click System Testing > Full System scan.
Have it remove everything it gives you a positive identification of.

Regards,
  • 0

#5
boopity
Posted 08 June 2005 - 09:44 PM

boopity

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you SO SO sooo much Metallica. I think my computer is running a lot better now.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:36 PM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O15 - Trusted Zone: http://www.neededware.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117607556471
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Distributed Folding Project Service (FoldtrajliteService) - Unknown owner - D:\distribfold-current-win9x\distribfold\foldtrajlite.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

And after turning my computer on and off I got Ewido to work so here is the log file:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:51:51 PM, 6/8/2005
+ Report-Checksum: 442266EB

+ Date of database: 6/8/2005
+ Version of scan engine: v3.0

+ Duration: 30 min
+ Scanned Files: 49988
+ Speed: 27.28 Files/Second
+ Infected files: 117
+ Removed files: 117
+ Files put in quarantine: 117
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\default\Application Data\wwcc.exe -> Spyware.PurityScan.v -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\default\Cookies\default@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\Power Scan\powerscan.exe -> Spyware.PowerScan.b -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014474.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014477.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014478.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014481.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014482.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014484.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014485.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014487.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014488.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014489.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014492.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014495.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014497.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014498.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014499.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014500.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00014501.TXT -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\bsx32\ADTMI1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIB9894.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIC29667.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASID12180.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIE17070.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF29819.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF4502.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIG21943.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIH7853.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASII21469.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIL18549.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS24110.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS31590.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT17011.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT26116.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIW11211.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\DATE4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FAST1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\HERBS1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\JOBS4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\MOVS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\NEWS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SHOP2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\TECH2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\UTONE2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\WWW3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets.f -> Cleaned with backup
C:\WINDOWS\Knmldokf.dll -> Spyware.SearchBand.a -> Cleaned with backup
C:\WINDOWS\localNRD.dll -> Spyware.BiSpy.f -> Cleaned with backup
C:\WINDOWS\mltgmjgqrgl.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\preInsln.exe -> Spyware.BiSpy.o -> Cleaned with backup
C:\WINDOWS\system32\449166.exe -> Spyware.Beginto.a -> Cleaned with backup
C:\WINDOWS\system32\abetterinternet.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\atiupdate5.exe -> Spyware.Adtomi.e -> Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\biggie.exe -> Spyware.WinFetcher.b -> Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.VirtualBouncer.d -> Cleaned with backup
C:\WINDOWS\system32\dsmanager.dll -> Spyware.BHO.j -> Cleaned with backup
C:\WINDOWS\system32\dеxplore.exe -> Spyware.PurityScan.am -> Cleaned with backup
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.Exact.a -> Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy.j -> Cleaned with backup
C:\WINDOWS\system32\ezPopStub.exe -> Spyware.EZula.af -> Cleaned with backup
C:\WINDOWS\system32\hrdtmnjy.dll -> Spyware.PurityScan.ak -> Cleaned with backup
C:\WINDOWS\system32\in10b6s.dll -> Trojan.Revop.c -> Cleaned with backup
C:\WINDOWS\system32\lsw.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy.j -> Cleaned with backup
C:\WINDOWS\system32\mscb.dll -> Spyware.BargainBuddy.j -> Cleaned with backup
C:\WINDOWS\system32\newdevin.exe -> Spyware.BookedSpace.c -> Cleaned with backup
C:\WINDOWS\system32\SuiteInstall.exe -> Spyware.Favoriteman -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup


::Report End


Thank you again!
  • 0

#6
Metallica
Posted 09 June 2005 - 03:13 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also

Then please istall the updates for SP2 for IE and XP

Please have a look at my site for some tips on how to remove and prevent spyware.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP