Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AURORA - ABI Network infection [RESOLVED]

Started by jromer5 , Jul 29 2005 05:53 PM

  • This topic is locked This topic is locked

#1
jromer5
Posted 29 July 2005 - 05:53 PM

jromer5

    Member

  • Member
  • PipPip
  • 43 posts
I have been trying to delete aurora pop-ups all day as well as winfixer2000. I have run spybot and adaware...someone please help. I have also tried trendmicros online scan and norton didn't help. Here is my hijackthis log.

Thanks :tazz:





Logfile of HijackThis v1.99.1
Scan saved at 6:47:42 PM, on 7/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\ecnnlim.exe
C:\WINDOWS\SYSTEM32\?ttrib.exe
c:\program files\nrpn\osoa.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\PROGRA~1\COMMON~1\irfm\irfma.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fgpqgw] c:\windows\system32\ecnnlim.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://toprefsys.com...::/ieloader.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by jromer5, 29 July 2005 - 06:23 PM.

  • 0

Advertisements

#2
therock247uk
Posted 29 July 2005 - 08:36 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
First:
Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Now run HijackThis, click Scan, and place a checkmark next to each of the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [random] C:\windows\system32\random.exe r

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.
NOTE: The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).

Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan by using Add Reply
  • 0

#3
jromer5
Posted 04 August 2005 - 03:55 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thank you for the reply, I did as instructed. I was not able to log back on the internet because I went out of town for a few days. I am back in town and looking forward to getting rid of all these pop-ups.

I have attached the log files of when I rebooted in safe mode, I am now in normal mode and do not know if you need new logfiles. Again, I hope to hear from you soon, your help is much appreciated. I am kinda new to this whole computer scanning thing so I also appreciate your patience. I have added some other comments at the end. I will look for your reply.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:03:57 PM, 8/4/2005
+ Report-Checksum: BA715392

+ Scan result:

HKLM\SOFTWARE\Admilli Service -> Spyware.BlazeFind : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0} -> Spyware.MediaMotor : Ignored
HKLM\SOFTWARE\Classes\Interface\{AD29366C-63AA-4FF3-944F-91AD7193BCA2} -> Spyware.MediaMotor : Ignored
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{12EE7A5E-0674-42F9-A76C-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Ignored
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Ignored
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10003000-1000-0000-1000-000000000000} -> Spyware.Axexx : Ignored
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Ignored
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Cassandra -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76A-000000004D00} -> Spyware.BrowserAid : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E} -> Spyware.CoolWebSearch : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Mvu -> Spyware.Delfin : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\_hsrb -> Spyware.Hotsearchbar : Ignored
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
[908] c:\windows\system32\jjskheo.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe -> Spyware.Delfin : Ignored
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Guest\Cookies\guest@bfast[2].txt -> Spyware.Cookie.Bfast : Ignored
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt -> Spyware.Cookie.Valueclick : Ignored
C:\Documents and Settings\LocalService\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\LocalService\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Addynamix : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@findwhat[1].txt -> Spyware.Cookie.Findwhat : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@revenue[1].txt -> Spyware.Cookie.Revenue : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Liveperson : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\ACD\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\ARX\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\BZW\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Addynamix : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\Cookies\miguel a. romero@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\Del26.tmp -> Spyware.180Solutions : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\DWM\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\ICD1.tmp\hsrb.dll -> Spyware.HotBar : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\ICD2.tmp\hsrb.dll -> Spyware.HotBar : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\KYD\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\OJU\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\VCZ\aurareco.exe -> Adware.BetterInternet : Ignored
C:\Program Files\Admilli Service\AdmilliComm.dll -> Spyware.WinAD : Ignored
C:\Program Files\Admilli Service\AdmilliKeep.exe -> Spyware.WinAD : Ignored
C:\Program Files\Admilli Service\AdmilliServ.exe -> Spyware.WinAD : Ignored
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
C:\Program Files\Common Files\irfm\irfma.exe -> TrojanDownloader.TSUpdate.l : Ignored
C:\Program Files\Common Files\irfm\irfml.exe -> TrojanDownloader.TSUpdate.j : Ignored
C:\Program Files\Common Files\irfm\irfmm.exe -> TrojanDownloader.TSUpdate.k : Ignored
C:\Program Files\Common Files\irfm\irfmp.exe -> Spyware.Xupiter : Ignored
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Ignored
C:\Program Files\nrpn\osoa.exe -> TrojanDownloader.PurityScan.y : Ignored
C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.WebRebates : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq103.tmp -> Spyware.Cookie.Questionmarket : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq106.tmp -> Spyware.Cookie.Targetnet : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq107.tmp -> Spyware.Cookie.Valuead : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10A.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10C.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10D.tmp -> Spyware.Cookie.Hitslink : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Spyware.Cookie.Atdmt : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq111.tmp -> Spyware.ImiBar : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq126.tmp -> Spyware.Cookie.Clickagents : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq128.tmp -> Spyware.Cookie.Statcounter : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq129.tmp -> Spyware.Cookie.Trafficmp : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12B.tmp -> Spyware.Cookie.Qksrv : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12C.tmp -> Spyware.Cookie.Tradedoubler : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12D.tmp -> Spyware.Cookie.Webtrendslive : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.Burstnet : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Cookie.Casalemedia : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Cookie.Ru4 : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.Fastclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> Spyware.Cookie.Adserver : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> Spyware.Cookie.Falkag : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> Spyware.Cookie.Tribalfusion : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrojanDownloader.Dyfuca.dk : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrojanDownloader.Dyfuca.dk : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> Spyware.Cookie.247realmedia : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.Cookie.Realtracker : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.BargainBuddy : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> Spyware.Cookie.Gator : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Bridgetrack : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Ru4 : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Cookie.Bfast : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Revenue : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp\optimize.exe -> TrojanDownloader.Dyfuca.dk : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> Spyware.Cookie.Falkag : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> Spyware.Cookie.Paycounter : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Serving-sys : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrojanDropper.Delf.ev : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Findwhat : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Hypertracker : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Cookie.Dbbsrv : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Bluestreak : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> Spyware.Cookie.Casalemedia : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Fastclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Revenue : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> Spyware.Cookie.Trafficmp : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Adserver : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Sexlist : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Falkag : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq605.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Spyware.Cookie.Doubleclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> Spyware.Cookie.Euniverseads : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> Spyware.Cookie.Coremetrics : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> Spyware.Cookie.Ad-logics : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrojanDownloader.Wintool.b : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> Spyware.Wintools : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> Spyware.Wintools : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> Spyware.Wintol : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrojanDownloader.Wintool.b : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> Spyware.WebSearch : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WSup.exe -> Spyware.Wintools : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsA.exe -> Spyware.Wintools : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsB.dll -> Spyware.Wintol : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsS.exe -> TrojanDownloader.Wintool.b : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> Spyware.Cookie.Serving-sys : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Cookie.Clickagents : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Cookie.Qksrv : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp -> Spyware.180Solutions : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Cookie.2o7 : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Spyware.Cookie.Atdmt : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> Spyware.Cookie.Bfast : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Cookie.Bluestreak : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> Spyware.Cookie.Serving-sys : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> Spyware.Cookie.Centrport : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> Spyware.Cookie.Bridgetrack : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp -> Spyware.Cookie.Pro-market : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq91.tmp -> Spyware.Cookie.Doubleclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Cookie.Linksynergy : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> Spyware.Cookie.Mediaplex : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp -> Spyware.Cookie.Questionmarket : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> Spyware.Cookie.Serving-sys : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Cookie.Valueclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> Spyware.Cookie.Specificclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Cookie.Hitslink : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Cookie.Paypopup : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Cookie.Sexlist : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> Spyware.Cookie.Statcounter : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp -> Spyware.Cookie.Tribalfusion : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> Spyware.Cookie.Weborama : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> Spyware.Cookie.Tradedoubler : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE8.tmp -> Spyware.Cookie.Sextracker : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE9.tmp -> Spyware.Cookie.Sextracker : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEA.tmp -> Spyware.Cookie.Sextracker : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEB.tmp -> Spyware.Cookie.Targetnet : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp -> Spyware.Cookie.Valueclick : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqED.tmp -> Spyware.Cookie.Xxxcounter : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Spyware.Cookie.2o7 : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF4.tmp -> Spyware.Cookie.Adtech : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF5.tmp -> Spyware.Cookie.Commission-junction : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF6.tmp -> Spyware.Cookie.Hitbox : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF7.tmp -> Spyware.Cookie.Onestat : Ignored
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFE.tmp -> Spyware.Cookie.Centrport : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000001.exe -> Trojan.Agent.cp : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000008.exe -> Trojan.Agent.cp : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2\A0000015.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000018.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000062.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000063.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000074.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000076.dll -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000077.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000083.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000092.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000093.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000099.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000100.exe -> Adware.BetterInternet : Ignored
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000102.dll -> Adware.BetterInternet : Ignored
C:\Temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Ignored
C:\WINDOWS\a65d.exe -> Spyware.MediaMotor : Ignored
C:\WINDOWS\Bolger.dll_tobedeleted -> Adware.BetterInternet : Ignored
C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Ignored
C:\WINDOWS\Downloaded Program Files\mm63.ocx -> TrojanDownloader.VB.ez : Ignored
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Ignored
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Ignored
C:\WINDOWS\mm15201518.Stub.exe -> Adware.eZula : Ignored
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.du : Ignored
C:\WINDOWS\pmhyszj.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Ignored
C:\WINDOWS\SYSTEM32\D0CE0C16B1.DLL -> Spyware.Hijacker.Generic : Ignored
C:\WINDOWS\SYSTEM32\hsrb.dll -> Spyware.HotBar : Ignored
C:\WINDOWS\SYSTEM32\jjskheo.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\SYSTEM32\randreco.exe -> Adware.BetterInternet : Ignored
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Ignored
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Ignored
C:\WINDOWS\WildApp.dll -> Spyware.MetaDirect : Ignored
C:\WINDOWS\wmctufkelu.exe -> Adware.BetterInternet : Ignored


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 4:09:15 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
c:\windows\system32\jjskheo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wlopdyy] c:\windows\system32\jjskheo.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://toprefsys.com...::/ieloader.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

When I tried to delete the random.exe r file, I got a message stating that the program could not be deleted because other persons or programs were using the file. I had all the windows closed just as you instructed, so I didn't know what else to do. For the ewido, there were alot of files that said spyware or adware but since this is my first time doing this I was not sure if I could go ahead and remove them. I could redo this and delete them if that is what is needed.
  • 0

#4
therock247uk
Posted 04 August 2005 - 04:02 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Did you tell Ewido to remove everything it finds it looks like you dident.
  • 0

#5
jromer5
Posted 04 August 2005 - 04:07 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
No I thought I was supposed to go one by one...and like I said I saw alot of things that said spyware and adware but i thought i would be safe and ask rather than just delete a whole bunch of files. I could rerun ewido which will take about an hour and delete all the spyware/adware files....would that be better?
  • 0

#6
therock247uk
Posted 04 August 2005 - 04:10 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Yep follow my first post again and delete everything that Ewido finds then post the Ewido log and a new Hijackthis log here in a reply.
  • 0

#7
jromer5
Posted 04 August 2005 - 04:11 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok see you in an hour. Thanks again!! :tazz:
  • 0

#8
jromer5
Posted 04 August 2005 - 05:38 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok I am back...

Attached you will find the ewido log file from when I was in safe mode.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:12:31 PM, 8/4/2005
+ Report-Checksum: 1321E7D8

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Ignored
HKLM\SOFTWARE\Admilli Service -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AD29366C-63AA-4FF3-944F-91AD7193BCA2} -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{12EE7A5E-0674-42F9-A76C-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10003000-1000-0000-1000-000000000000} -> Spyware.Axexx : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Cassandra -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76A-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12EE7A5E-0674-42F9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\_hsrb -> Spyware.Hotsearchbar : Cleaned with backup
HKU\S-1-5-21-1358490993-4234410578-1438792519-1005\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
[920] c:\windows\system32\xukxsj.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe -> Spyware.Delfin : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Admilli Service\AdmilliComm.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Admilli Service\AdmilliKeep.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Admilli Service\AdmilliServ.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Common Files\irfm\irfma.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\irfm\irfml.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\irfm\irfmm.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\irfm\irfmp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\nrpn\osoa.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.WebRebates : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq103.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq106.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq107.tmp -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10A.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10C.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10D.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq111.tmp -> Spyware.ImiBar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq126.tmp -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq128.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq129.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12B.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12C.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12D.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrojanDropper.Delf.ev : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq605.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrojanDownloader.Wintool.b : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> Spyware.Wintools : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> Spyware.Wintools : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrojanDownloader.Wintool.b : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WSup.exe -> Spyware.Wintools : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsS.exe -> TrojanDownloader.Wintool.b : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq91.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE8.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE9.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEA.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEB.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqED.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF4.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF5.tmp -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF6.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF7.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFE.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000001.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000008.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2\A0000015.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000018.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000062.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000063.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000074.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000076.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000077.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000083.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000092.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000093.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000099.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000100.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000102.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000976.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000979.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000984.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000985.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000987.dll -> Adware.BetterInternet : Cleaned with backup
C:\Temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\a65d.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\Bolger.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\mm63.ocx -> TrojanDownloader.VB.ez : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.du : Cleaned with backup
C:\WINDOWS\pmhyszj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\SYSTEM32\D0CE0C16B1.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\hsrb.dll -> Spyware.HotBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\randreco.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\xukxsj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\WildApp.dll -> Spyware.MetaDirect : Cleaned with backup
C:\WINDOWS\wmctufkelu.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

[COLOR=purple]The Hijack log is from right now, in normal mode. I forgot to save the log from safe mode...:tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:58 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\windows\system32\zmxcgx.exe
C:\WINDOWS\System32\?ttrib.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\nrpn\osoa.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pilhvgp] c:\windows\system32\zmxcgx.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0

#9
jromer5
Posted 04 August 2005 - 05:39 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
By the way, I was still not able to remove the random.exe r file.
  • 0

#10
therock247uk
Posted 04 August 2005 - 05:46 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Run all these oline virus scans and tell me what they find.

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm
http://www3.ca.com/t...sinfo/scan.aspx

2. Then post a new Hijackthis log here in a reply.
  • 0

Advertisements

#11
jromer5
Posted 04 August 2005 - 08:51 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Hello! I am back! I did as instructed and here are the results. I went ahead and removed the spyware that trendmicro pulled up but I did not see an option to clean them from the other sites. Anyhow, i will post what the results were:

TRENDMICRO:
Virus Scan No virus detected


Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed.
Detected File Associated Virus Name




Trojan/Worm Check No worm/Trojan horse detected

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed.
Trojan/Worm Name Trojan/Worm Type




Spyware Check 24 spyware programs detected

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 24 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type
COOKIE_45 Cookie
COOKIE_153 Cookie
COOKIE_169 Cookie
COOKIE_174 Cookie
COOKIE_222 Cookie
COOKIE_534 Cookie
COOKIE_960 Cookie
COOKIE_1375 Cookie
COOKIE_2060 Cookie
COOKIE_2281 Cookie
COOKIE_2955 Cookie
COOKIE_3004 Cookie
COOKIE_3163 Cookie
COOKIE_3184 Cookie
COOKIE_3185 Cookie
COOKIE_3186 Cookie
COOKIE_3195 Cookie
ADW_ADMILLI.A Adware
COOKIE_3201 Cookie
ADW_TARGETSAV.A Adware
COOKIE_6853 Cookie
ADW_NCASE.A Adware
ADW_SEARCHREL.E Adware
ADW_BROWSERAID.E Adware




Microsoft Vulnerability Check 1 vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 1 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. MS05-023


PANDA SOFTWARE:


Incident Status Location

Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temp\!update.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\MIGUEL A. ROMERO\Local Settings\Temporary Internet Files\Content.IE5\YRWDW7E5\!update-2295[1].0000
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\irfm\irfmd\irfmc.dll
Adware:Adware/PurityScan No disinfected C:\Program Files\nrpn\osoa.exe
Adware:Adware/WinTools No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp\WToolsD.cfg
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000989.exe
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000990.dll
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000991.exe
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000992.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000993.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000994.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000995.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000996.exe
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000997.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000998.exe
Adware:Adware/WUpd No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000999.dll
Spyware:Spyware/Dyfuca No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001000.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001001.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001002.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001003.dll
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001004.exe
Spyware:Spyware/Media-motor No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001005.exe
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001006.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001007.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001008.dll
Adware:Adware/DelFinMedia No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001010.exe
Spyware:Spyware/Dyfuca No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001011.exe
Adware:Adware/BrowserAid No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001014.DLL
Adware:Adware/ILookup No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001015.dll
Spyware:Spyware/BetterInet No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001016.exe
Spyware:Spyware/Media-motor No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001018.exe
Spyware:Spyware/Overpro No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001019.dll
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001027.exe
Adware:Adware/Transponder No disinfected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001032.exe
Adware:Adware/nCase No disinfected C:\Temp\NCasePackage.exe
Adware:Adware/SearchRelevancy No disinfected C:\Temp\SearchRelevancy.exe
Adware:adware/transponder No disinfected C:\WINDOWS\abiuninst.htm
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\mm63.INF
Adware:adware/ipinsight No disinfected C:\WINDOWS\farmmext.ini
Adware:adware/aurora No disinfected C:\WINDOWS\Nail.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\flntiv.dll
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\Shex.exe
Adware:adware/wintools No disinfected C:\WINDOWS\SYSTEM32\TBPS.ini
Adware:Adware/Transponder No disinfected C:\WINDOWS\SYSTEM32\zmxcgx.exe
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
THE THIRD SITE:

Scan Results: 43327 files scanned. 13 viruses were detected.

File Infection Status Path
A0000991.exe Win32.WinAd.J infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0000992.exe Win32.WinAd.AA infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0000994.exe Win32.SillyDl.LC infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0000995.exe Win32.SillyDl.QQ infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001000.exe Win32.Dyfuca.E infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001007.exe Win32.SillyDl.TC infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001011.exe Win32.Dyfuca.K infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001013.exe Win32.Imiserv infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001016.exe Win32.BettInet.C infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001017.exe Win32.Imiserv infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001027.exe Win32.BettInet.BF infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
A0001032.exe Win32.BettInet.BF infected C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\
zmxcgx.exe Win32.BettInet.BF infected C:\WINDOWS\SYSTEM32\


Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:05 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\windows\system32\zmxcgx.exe
C:\WINDOWS\System32\?ttrib.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\nrpn\osoa.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pilhvgp] c:\windows\system32\zmxcgx.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


Hope this helps!!!
  • 0

#12
therock247uk
Posted 05 August 2005 - 06:18 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Nail.exe fully installed again.

First:
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Now run HijackThis, click Scan, and place a checkmark next to each of the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [random] C:\windows\system32\random.exe r

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.
NOTE: The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).

Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan by using Add Reply
  • 0

#13
jromer5
Posted 05 August 2005 - 01:02 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello! Ok I have done as instructed... I did not find the [04-.......random.exe r] file.

EWIDO
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:19:44 PM, 8/5/2005
+ Report-Checksum: A61F58DA

+ Scan result:

C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. romero@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\MIGUEL A. ROMERO\Cookies\miguel a. [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000989.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000990.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000991.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000992.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000993.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000994.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000995.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000996.exe -> Spyware.Xupiter : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000997.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000998.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000999.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001000.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001001.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001002.exe -> Spyware.Wintools : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001003.dll -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001004.exe -> TrojanDownloader.Wintool.b : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001005.exe -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001006.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001007.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001008.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001009.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001010.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001011.exe -> TrojanDownloader.Dyfuca.du : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001012.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001013.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001014.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001015.dll -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001016.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001017.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001018.exe -> Spyware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001019.dll -> Spyware.MetaDirect : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001020.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001027.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0001032.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0002031.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0004046.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004133.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004145.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004165.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004200.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004201.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004202.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004203.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004204.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004208.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP4\A0004212.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\pmhyszj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\aytltiy.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 1:37:44 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\?ttrib.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\nrpn\osoa.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


Thanks again!
  • 0

#14
therock247uk
Posted 05 August 2005 - 01:16 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {C8DE9DB2-2D50-2287-54FA-20D05B5A759E} - C:\WINDOWS\System32\zhj.dll (file missing)
O2 - BHO: (no name) - {C93EEF11-5DAE-2E7C-DEE9-0082BD192FC2} - C:\WINDOWS\System32\flntiv.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Tmjjzv] C:\Program Files\Rgezm\Vqvykd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Mopmsgws] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [irfm] C:\PROGRA~1\COMMON~1\irfm\irfmm.exe
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O20 - AppInit_DLLs: sbfxy7lwzc3odll.dll

4. Delete the folders. (if present)

C:\Program Files\PeDevice
C:\Program Files\Rgezm
C:\Program Files\Common Files\irfm
C:\Program Files\nrpn

5. Delete the files. (if present)

C:\WINDOWS\System32\flntiv.dll

These files might either be found in C:\ C:\Windows or C:\Windows\System32 if found delete.

sbfxy7lwzc3odll.dll

6. Reboot and post a new Hijackthis log here in a reply.
  • 0

#15
jromer5
Posted 05 August 2005 - 02:00 PM

jromer5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok! Did as instructed and here is my new Hijack this log:

:tazz:

Logfile of HijackThis v1.99.1
Scan saved at 2:58:53 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121567583465
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP