Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

need help with aurora! [CLOSED]


  • This topic is locked This topic is locked

#1
acutelyaware

acutelyaware

    New Member

  • Member
  • Pip
  • 9 posts
I have run tons of scans and such, but can't seem to shake the aurora virus off. if anyone could help id be soooo appreciative. here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 2:07:21 PM, on 7/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\hmea.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
c:\windows\system32\toezxxl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [baujoef] c:\windows\system32\toezxxl.exe r
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [gB2qRfetR] pifoex32.exe
O4 - HKCU\..\Run: [Asaa] C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\kcdmac.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here is my log. thank you for your help :tazz:



Logfile of HijackThis v1.99.1
Scan saved at 1:27:39 AM, on 7/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ezaaqgh.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\iszifpdczo.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [rjlirvz] c:\windows\system32\ezaaqgh.exe r
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [gB2qRfetR] pifoex32.exe
O4 - HKCU\..\Run: [Asaa] C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\gatext.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
First I need you to download and prepare some tools that we will need to remove the infection that you have.

Please download Ewido Security Suite
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido Manual Updates


Please download CCleaner
Install it, but do not run it yet.


Please download this file: Nailfix Utility
Save it to your desktop, but do not run it yet.



Now that you have the right tools we can start fixing your problem.

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.


Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [rjlirvz] c:\windows\system32\ezaaqgh.exe r
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [gB2qRfetR] pifoex32.exe
O4 - HKCU\..\Run: [Asaa] C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe




Delete these files/folders, if found.

C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll
C:\WINDOWS\System32\vidctrl
C:\WINDOWS\System32\ezaaqgh.exe
C:\WINDOWS\System32\jxotzuaq.exe
C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
pifoex32.exe


Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan by using Add Reply
  • 0

#5
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
thank you so much for your help so far.

Logfile of HijackThis v1.99.1
Scan saved at 3:04:40 PM, on 7/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\windows\system32\hkdnahb.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [jsibtkj] c:\windows\system32\hkdnahb.exe r
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [gB2qRfetR] pifoex32.exe
O4 - HKCU\..\Run: [Asaa] C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\bxotvid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:44:43 PM, 7/24/2005
+ Report-Checksum: ED5A67F1

+ Scan result:

C:\compaq\lutil\WizHost.exe -> Heuristic.Win32.Dialer : Ignored
C:\Program Files\WinAce\winace.exe -> Heuristic.Win32.AVKiller : Ignored
HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6} -> Spyware.SideStep : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2BB15D36-43BE-4743-A3A0-3308F4B1A610} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{41700749-A109-4254-AF13-BE54011E8783} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4FE82BA0-9335-4D4E-8E98-76409A88F2C1} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{ACE5B10B-92A3-4103-8583-3684BB09409F} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AF286CEA-635D-40C5-A891-B40A0F520539} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{12EE7A5E-0674-42F9-A76C-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{2A7DB8D1-43BE-4AD3-A81E-9BB8C9D00073} -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{487E7682-B976-41FB-A944-E8B83689A454} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdToolsX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6} -> Spyware.SideStep : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.456:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@bluemountain[1].txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@counter.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@dbbsrv[1].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-applevac.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-cbs.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-dermadoctor.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-newsinternational.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-reebok.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-tfl.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@mt.valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@popunder.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@premiumnetworkrocks.valuead[2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@trls.valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Cookies\theresa@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Cookies\theresa@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Cookies\theresa@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Cookies\theresa@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Cookies\theresa@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\M5X2RQ9O\ysb_1002245[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\5FPQ95XP\upd209[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\D81Y6GDC\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\D81Y6GDC\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\F3DE12LR\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\S13YUQR3\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\4393A28F-BD13-4E1D-88FF-841345 -> Spyware.Look2Me : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\6E4DCD33-7BE0-4D3F-A19B-D3918D -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\6E68C32A-1E79-4F13-ADB5-F59A2C -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\74DC6878-52DD-4395-B5A7-4EA5BD -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\7AED02BA-5F67-45CF-BED3-587E02 -> Spyware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\190AE0AA-2529-43CB-9CD2-1BD785\EE0F5366-7139-406D-9863-0CCC0E -> Adware.SAHA : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1A9E60F9-E342-42D4-A54A-BDD875\73084ABC-28F0-481C-B26C-2F16D7 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\431C3967-C036-4BD4-8744-F4CAE6\3C083952-481B-4D19-958F-C3A0D8 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\530CB1E7-8950-4D96-9CB8-DE5775\9357FD71-5390-4C4E-B463-E477EC -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\530CB1E7-8950-4D96-9CB8-DE5775\A82F8AF2-CEDE-47E0-908E-77D7D6 -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Micro
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Tools, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Please make sure that you can VIEW ALL HIDDEN FILES.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [jsibtkj] c:\windows\system32\hkdnahb.exe r
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [gB2qRfetR] pifoex32.exe
O4 - HKCU\..\Run: [Asaa] C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe


Reboot your computer into SAFE MODE

Then delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\hkdnahb.exe
C:\WINDOWS\System32\jxotzuaq.exe
C:\Documents and Settings\Theresa.COMPUTER\Application Data\erpt.exe
pifoex32.exe


Reboot your computer to go back to normal mode and post a new log.
  • 0

#7
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:20:49 PM, on 7/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ujivps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\BZW\aurareco.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\wupdt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [xokhguh] c:\windows\system32\ujivps.exe r
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Can you post a new hijackthis log? That one is not complete.
  • 0

#9
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:49:41 PM, on 7/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ujivps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [xokhguh] c:\windows\system32\ujivps.exe r
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\bxotvid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You've become reinfected already. Please apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

Edited by Buckeye_Sam, 24 July 2005 - 06:57 PM.

  • 0

Advertisements


#11
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:11:44 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\ahrmra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
O4 - HKLM\..\Run: [jkfzgtb] c:\windows\system32\ahrmra.exe r
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\bxotvid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Alright! Now that you closed a few security holes with that update, let's see what we can do.


Please print out these instructions as the rest of this fix must be done in Safe mode and you won't be able to access the Internet.

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.


==============


Once in Safe mode, please follow these steps:
  • Double-click on nailfix.exe.
    Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
    Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

  • Now open ewido and do a scan of your system.
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.
  • Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [mscin] C:\WINDOWS\system32\m190309.EXE
    O4 - HKLM\..\Run: [jkfzgtb] c:\windows\system32\ahrmra.exe r
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKCU\..\Run: [Jxnhudf] C:\WINDOWS\System32\jxotzuaq.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe



  • Delete these files, if found.

    C:\WINDOWS\dsr.dll
    C:\WINDOWS\System32\exp.exe
    C:\WINDOWS\dinst.exe
    C:\WINDOWS\system32\m190309.EXE
    c:\windows\system32\ahrmra.exe r
    C:\WINDOWS\System32\wintask.exe
    C:\WINDOWS\System32\jxotzuaq.exe


  • Now run CCleaner.
    • Uncheck "Cookies" under "Internet Explorer".
    • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
    • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan by using Add Reply
  • 0

#13
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:13:52 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\etb\pokapoka62.exe
c:\windows\system32\cyavcb.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [mwivqn] c:\windows\system32\cyavcb.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\bxotvid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:57:19 AM, 7/29/2005
+ Report-Checksum: F7BD97D8

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1993962763-789336058-1060284298-1004\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1993962763-789336058-1060284298-1004\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
C:\compaq\lutil\WizHost.exe -> Heuristic.Win32.Dialer : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Theresa.COMPUTER\Application Data\Mozilla\Profiles\default\b81epusr.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@ehg-console.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Cookies\theresa@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4OBHRV2P\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\4OBHRV2P\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\QDEOIHRT\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\4393A28F-BD13-4E1D-88FF-841345 -> Spyware.Look2Me : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B6145C8-DBCD-4C0B-B4E4-C7741C\DB2051E3-5B4B-4D34-BFCE-1A38FF -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B8C9571-4C7C-42AF-A478-145DC3\385458F6-EC4B-4A41-80D6-E17004 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3A91A297-B3E0-4E50-9F7C-5543DF\03CDCD4E-7FEC-455C-A07E-DFB995 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F9C9662-B408-43B5-8368-0595FF\1E34DAB2-1C01-409D-A262-F44A98 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B841B76B-7C6A-42EE-9A74-03EC81\F4D17C66-8855-4E49-B27F-81EAD4 -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D5710865-0EAE-4BED-8626-6A06DC\D6B923A3-6A55-4C3D-8A42-00540F -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCC0DDC9-DEF9-4B5C-BB21-E470CE\79D72C3B-6999-4DA1-8B8E-B4A0F8 -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\WinAce\winace.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP337\A0050620.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051868.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051869.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051870.exe -> Spyware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051871.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051872.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051873.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051874.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051876.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0051877.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP340\A0052006.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP342\A0052058.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP342\A0052994.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP342\A0053064.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0058224.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0058225.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059039.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059058.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059087.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059088.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059090.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059092.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059335.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059340.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059353.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP375\A0059369.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059380.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059383.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059387.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059389.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059406.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP376\A0059412.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059426.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059432.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059433.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059435.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059441.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059443.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059466.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059521.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059523.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{03546BCF-FFDD-4A01-A7B4-E0F9DF019EFC}\RP377\A0059525.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\WINDOWS\system32\hmea.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\scom.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\tlredgk.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
  • 0

#14
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You have a Epolvy Trojan.

First you should know that the main bad file that we need to kill is the 04 line in your hijackthis log that ends in a lower case r. This filename can change frequently so it will probably be different than what you posted in your last log. In the fix below I call it randomfile.exe, but it will always be that file that shows up in your current hijackthis that ends in a lower case r.

=======

Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for c:\windows\system32\randomfile.exe
  • Open your C:\Windows\system32 folder and search for randomfile.exe .
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select c:\windows\system32\randomfile.exe and Click Kill3
  • Then immediately delete randomfile.exe from your system32 folder.
Close APT.

========

Next fix these lines with Hijackthis:

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [random] c:\windows\system32\randomfile.exe r

========

Please run this online virus scan.
Make sure it is set to clean automatically

Panda Virus Scan

There may be files that this scan will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scan.
  • 0

#15
acutelyaware

acutelyaware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:03:45 AM, on 7/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\iwczsr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110842~1\EE\AOLServiceHost.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\CasStub\casstub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\iszifpdczo.exe
C:\WINDOWS\system32\pi1_60.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootWarn] C:\Program Files\Norton AntiVirus\BootWarn.exe /a
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108420637\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\system32\cxtpls_loader.EXE" /HideUninstall /HideDir /PC= CP.AOP /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [ijahik] c:\windows\system32\iwczsr.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [CasStub] C:\Program Files\CasStub\casstub.exe -run
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\bxotvid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Incident Status Location

Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\4588686_3864_264_1412_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\327780_3864_264_940_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\2949970_3864_264_1172_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1180804_3864_264_2092_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\132370_3864_264_3892_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\787590_3864_264_3960_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1311550_3864_264_3756_62.41.tmp
Virus:Trj/Downloader.AYV Disinfected Operating system
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1049762_1576_264_428_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1901690_1576_264_3924_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1180930_1576_264_2800_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1179838_1576_264_464_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\721086_1576_264_2148_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\1705282_1576_264_2544_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\655550_1576_264_996_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\12125152_1576_264_3676_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\131570_1576_264_3552_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\DOCUME~1\THERES~1.COM\LOCALS~1\Temp\65760_1576_264_3528_62.41.tmp
Adware:adware/aurora No disinfected C:\WINDOWS\SYSTEM32\DrPMon.dll
Adware:adware/look2me No disinfected C:\WINDOWS\SYSTEM32\guard.tmp
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:adware/ncase No disinfected C:\TEMP\salm.log
Adware:adware/powerscan No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\pcpowerscan.EXE
Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/wintools No disinfected C:\WINDOWS\hisistheurls.exe
Adware:adware/sidesearch No disinfected C:\WINDOWS\sepsd.bin
Spyware:spyware/dyfuca No disinfected C:\WINDOWS\tct101.dll
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:adware/imgiant No disinfected C:\PROGRAM FILES\joystick networks
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\THERESA.COMPUTER\FAVORITES\Casino & Carrers
Spyware:spyware/istbar No disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Adware:adware/sidestep No disinfected HKEY_CURRENT_USER\SOFTWARE\SIDESTEP
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/mediatickets No disinfected HKEY_CLASSES_ROOT\MEDIAGATEWAYX.INSTALLER
Adware:adware/statblaster No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MINIGOLF
Adware:adware/delfinmedia No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL
Adware:adware/iedriver No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{120E090D-9136-4B78-8258-F0B44B4BD2AC}
Adware:adware/ucmore No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{44BE0690-5429-47f0-85BB-3FFD8020233E}
Spyware:Spyware/ShopNav No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QOJKI7KL\Srng_findology_osall_3.0.5[1].zip[Srng_findology_osall_3.0.5[1]]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Desktop\MAC\Windows_XP_CD_Key_and_Product_ID_Changer_by_NaPsteR.zip[vgt.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1049762_1576_264_428_62.41.tmp
Adware:Adware/Aurora No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\11.tmp\thnall1ac.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1179838_1576_264_464_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1180526_3760_264_1864_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1180804_3864_264_2092_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1180930_1576_264_2800_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\12125152_1576_264_3676_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1246210_3760_264_2228_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1311550_3864_264_3756_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\131570_1576_264_3552_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\132370_3864_264_3892_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1508234_3760_264_3596_62.41.tmp
Virus:Trj/Downloader.AYV Disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\168.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1705282_1576_264_2544_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\1901690_1576_264_3924_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\2098034_3760_264_3156_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\2949970_3864_264_1172_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\327780_3864_264_940_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\328892_3760_264_440_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\394374_3760_264_1332_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\4588686_3864_264_1412_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\655550_1576_264_996_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\65760_1576_264_3528_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\721086_1576_264_2148_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\787332_3760_264_2352_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\787590_3864_264_3960_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\852952_3760_264_1144_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Theresa.COMPUTER\Local Settings\Temp\983932_3760_264_2152_62.41.tmp
Adware:Adware Program No disinfected C:\HJT\backups\backup-20040901-132604-805.inf
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/Look2Me No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\139454AB-B8A5-4472-9D76-3FE647\4393A28F-BD13-4E1D-88FF-841345
Spyware:Spyware/Support No disinfected C:\Program Files\Support.com\bin\tgcmd.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{5AFDDBA8-F7B0-4807-AE94-7E459D448A04}\RP9\A0005349.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP33\A0003007.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP33\A0003028.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0003239.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0003241.inf
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0003273.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0003275.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0004227.inf
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0004229.inf
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{E47CE5A1-4F8D-4794-AC88-CB749634FA58}\RP40\A0004231.inf
Adware:Adware/KeenValue No disinfected C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP144\A0416817.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\aovpack.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cbmuid.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dTdxof.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gatext.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kadblr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kddmac.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kgdazel.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\lscalui.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\LVamCpl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\oofox32.dll
Virus:Trj/Downloader.DOJ Disinfected C:\WINDOWS\system32\pi1_60.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\prtorsvc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ssripto.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\wfpns.dll
Adware:Adware/WinAD No disinfected C:\WINDOWS\Temp\MediaAccessInstPack.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP