Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winfixer [RESOLVED]

Started by ecrawfor , Aug 06 2005 01:22 AM

  • This topic is locked This topic is locked

#1
ecrawfor
Posted 06 August 2005 - 01:22 AM

ecrawfor

    Member

  • Member
  • PipPip
  • 19 posts
Hello,

I posted this about an hour ago, but I posted to the operating system forum, not the malware forum. Someone there told me to run all the steps and post to the malware forum.

But I already followed all the steps and ran all the programs you asked me to.
It took me several days.
Winfixer is still around and will not go away.
Here is my hijackthis log.

I apologize for posting twice (to the two different forums).
Thanks for any help you can give me.

Ellen

Logfile of HijackThis v1.99.1
Scan saved at 12:14:06 AM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\apsi\wtta.exe
C:\WINDOWS\system32\r?ndll.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\mywork\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\cql3dv2.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
tampabelle
Posted 06 August 2005 - 08:46 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

You have a bunch of infections. It will take a few iterations to clean up the PC but it can be done. :tazz:

Lets get on the job.


First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!Reboot your computer into normal windows.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
  • 0

#3
ecrawfor
Posted 06 August 2005 - 01:22 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok, I'm back.
Here's how it went.

1) I download the 3 programs you listed.
I had already downloaded cwshredder and cleanup
since they were on the "start here" malware page,
but I downloaded them again from your link in
case it was different. I stored them on the desktop
as you suggested.

2) I booted into safe mode. I was surprised to see
that my user account which I usually use, "owner", was
not there. I logged into my other account, "admin".

3) I ran AboutBuster two times, each with a rescan.
I didn't realize it would overwrite its logfile, so
I only have the last logfile.

4) I went on to run cwshredder. Unfortunately it was
on my other user account desktop, which I couldn't
get to. I logged in regular mode and moved all
the desktop things I downloaded to a dir I could get to.
I rebooted back into safe mode. I ran AboutBuster
two double times again. BTW, it never found anything.

5) I ran cwshredder. It said it deleted CWS:Look2Me.
It said I needed to reboot and run again. I did that,
booting into safe mode again. It found the same file
and said it removed it again. It said I needed to
reboot again. This seemed like an endless loop so
I didn't reboot.

6) I ran cleanup40.

7) When I reboot into normal mode,
I get these errors:
" Faulting application winlogon.exe, version 0.0.0.0,
faulting module varifier.dll, version 0.0.0.0,
fault address 0x00013c4c."
Also,
"Faulting application, version 0.0.0.0, faulting
module cql3dv2.dll, version 0.0.0.0, fault
address 0x00013c4c.
Also, "Windows cannot find Nail...." (didn't catch this one,
and it's not in the event log)
Also, Ewido pops up several alarms, finding things.
Also, "restart" doesn't seem to work anymore,
(or it takes an incredibly long time).
but Stop Computer, Start Computer does work.

----LOGS-------------------------
All the AboutBuster log files look the same,
except for the date. If you want me to post
all 3 that I captured, let me know.
-------------------------
AB LogFile3.txt


Scanned at: 11:27:28 AM on: 8/6/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

---------------------------------------
Here's the latest hijack this logfile.
Let me know what I need to do next.
Thanks for the help.

Ellen
-----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:03:03 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Eps12\bin\epsilon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\r?ndll.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\varifier.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
tampabelle
Posted 06 August 2005 - 02:00 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

#5
ecrawfor
Posted 06 August 2005 - 08:12 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello again,

Now this was an easy one to carry out.
Below is the log.

Awaiting your instructions,

Ellen


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\varifier.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{47A04C08-589A-A1DD-4082-F3E127534673}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}"="Registered ActiveX Controls"
"{D545EBD1-BD92-11CF-8772-00A0C9039735}"="Developer Studio Components"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Share-to-Web Upload Folder"
"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"="MediaFace extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}"=""
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{0E1631FA-7196-4854-B06A-EA5D604E99A8}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\srlunirl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0E1631FA-7196-4854-B06A-EA5D604E99A8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E1631FA-7196-4854-B06A-EA5D604E99A8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E1631FA-7196-4854-B06A-EA5D604E99A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E1631FA-7196-4854-B06A-EA5D604E99A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\kkdtat.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bgpanui.dll Sun Jul 31 2005 9:43:26p ..S.R 417,792 408.00 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
cql3dv2.dll Tue Aug 2 2005 9:49:00p ..S.R 417,792 408.00 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
gwfspi~1.dll Tue Jul 12 2005 5:50:40p A.... 23,304 22.76 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
hhsetup.dll Thu May 26 2005 7:04:28p A.... 41,472 40.50 K
icm32.dll Tue Jun 28 2005 6:46:00p A.... 254,976 249.00 K
itircl.dll Thu May 26 2005 7:04:28p A.... 155,136 151.50 K
itss.dll Thu May 26 2005 7:04:28p A.... 137,216 134.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
kkdtat.dll Sat Aug 6 2005 11:33:02a ..S.R 417,792 408.00 K
legitc~1.dll Tue Jul 12 2005 5:50:44p A.... 520,456 508.26 K
lppcd11n.dll Sat Aug 6 2005 10:22:44a ..S.R 417,792 408.00 K
mdimusic.dll Sat Aug 6 2005 10:37:54a ..S.R 417,792 408.00 K
mscms.dll Tue Jun 28 2005 6:46:00p A.... 74,240 72.50 K
s32evnt1.dll Fri May 13 2005 7:50:10p A.... 91,856 89.70 K
srlunirl.dll Sat Aug 6 2005 11:50:34a ..S.R 417,792 408.00 K
varifier.dll Sat Aug 6 2005 11:08:36a ..S.R 417,792 408.00 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
xpsp3res.dll Mon May 16 2005 5:25:36p ..... 15,360 15.00 K

28 items found: 28 files (7 H/S), 0 directories.
Total of file sizes: 7,216,136 bytes 6.88 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is HPNOTEBOOK
Volume Serial Number is 709E-3C03

Directory of C:\WINDOWS\System32

08/06/2005 11:50 AM 417,792 srlunirl.dll
08/06/2005 11:33 AM 417,792 kkdtat.dll
08/06/2005 11:08 AM 417,792 varifier.dll
08/06/2005 10:37 AM 417,792 MDIMUSIC.DLL
08/06/2005 10:22 AM 417,792 lppcd11n.dll
08/02/2005 09:48 PM 417,792 cql3dv2.dll
07/31/2005 09:43 PM 417,792 bgpanui.dll
07/21/2005 07:00 AM 401,408 w?aclt.exe
07/21/2005 06:57 AM 401,408 r?ndll.exe
06/25/2005 07:29 AM <DIR> dllcache
11/20/2001 07:03 PM <DIR> Microsoft
9 File(s) 3,727,360 bytes
2 Dir(s) 6,285,090,816 bytes free
  • 0

#6
tampabelle
Posted 07 August 2005 - 04:59 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#7
ecrawfor
Posted 07 August 2005 - 02:05 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello Tampabelle,

I'm a little worried about doing this. My computer right now will not turn off gracefully. "Start" - "Turn off Computer" - "Turnoff" does not work. "Restart" will also not work. In order to really stop my computer I must hit the power button, and hold for 5 seconds. If I run l2m4ix with #2, which will want to restart my computer, will it get stuck trying to restartand maybe do something bad? Or will it work at all if it can't restart the computer? Please advise... I'll do it if you say it's ok.

Ellen
  • 0

#8
tampabelle
Posted 07 August 2005 - 04:26 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Try the hard boot by yourself, if the reboot through the l2mfix program doesnt work.

If we have any issues, we will deal with the bad files the hard and the manual way. What ever the file does automatically, we can also do it manually :tazz:
  • 0

#9
ecrawfor
Posted 07 August 2005 - 05:21 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Okay!
The reboot actually happened.
I logged back in (that was not in the instructions)
Windows complained about finding Nail.exe.
I had to dismiss that window clicking the upper right X.
Stupid ewido popped up and updated itself.
Then I waited and waited... nothing happened.
The icons did not disappear.
Then I popped up windows task manager and looked... nothing extra was running.

So I tried it again.
I ran l2mfix.bat.
I chose option 2.
It rebooted nicely again.
I logged back in.
I complained about not finding Nail.exe again but this time the popup went away by itself.
Then a RUNDLL popup came up, saying "error loading cfgmgr52.dll. The specified module could not be found" . I pressed ok.
Then l2mfix actually started scanning!
Ewido popped up with a warning, I X dismissed it.
Norton antivirus popped up twice, finding "trojan.addclicker".
I dismissesd them both.
Then l2mfix finished.
Here is it's log, and below this is a new hijackThis log.
Thanks, let me know what's next.

Ellen

L2Mfix 1.03a

Running From:
C:\virusfix\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\virusfix\l2mfix
System Rebooted!

Running From:
C:\virusfix\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 580 'explorer.exe'
Killing PID 580 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\bgpanui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\bgpanui.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cql3dv2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cql3dv2.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkdtat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kkdtat.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lppcd11n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lppcd11n.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MDIMUSIC.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\MDIMUSIC.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\varifier.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\varifier.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\bgpanui.dll
Successfully Deleted: C:\WINDOWS\system32\bgpanui.dll
deleting: C:\WINDOWS\system32\bgpanui.dll
Successfully Deleted: C:\WINDOWS\system32\bgpanui.dll
deleting: C:\WINDOWS\system32\cql3dv2.dll
Successfully Deleted: C:\WINDOWS\system32\cql3dv2.dll
deleting: C:\WINDOWS\system32\cql3dv2.dll
Successfully Deleted: C:\WINDOWS\system32\cql3dv2.dll
deleting: C:\WINDOWS\system32\kkdtat.dll
Successfully Deleted: C:\WINDOWS\system32\kkdtat.dll
deleting: C:\WINDOWS\system32\kkdtat.dll
Successfully Deleted: C:\WINDOWS\system32\kkdtat.dll
deleting: C:\WINDOWS\system32\lppcd11n.dll
Successfully Deleted: C:\WINDOWS\system32\lppcd11n.dll
deleting: C:\WINDOWS\system32\lppcd11n.dll
Successfully Deleted: C:\WINDOWS\system32\lppcd11n.dll
deleting: C:\WINDOWS\system32\MDIMUSIC.DLL
Successfully Deleted: C:\WINDOWS\system32\MDIMUSIC.DLL
deleting: C:\WINDOWS\system32\MDIMUSIC.DLL
Successfully Deleted: C:\WINDOWS\system32\MDIMUSIC.DLL
deleting: C:\WINDOWS\system32\varifier.dll
Successfully Deleted: C:\WINDOWS\system32\varifier.dll
deleting: C:\WINDOWS\system32\varifier.dll
Successfully Deleted: C:\WINDOWS\system32\varifier.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: bgpanui.dll (208 bytes security) (deflated 48%)
adding: cql3dv2.dll (208 bytes security) (deflated 48%)
adding: kkdtat.dll (208 bytes security) (deflated 48%)
adding: lppcd11n.dll (208 bytes security) (deflated 48%)
adding: MDIMUSIC.DLL (208 bytes security) (deflated 48%)
adding: varifier.dll (208 bytes security) (deflated 48%)
adding: guard.tmp (208 bytes security) (deflated 48%)
adding: clear.reg (208 bytes security) (deflated 36%)
adding: echo.reg (208 bytes security) (deflated 8%)
adding: direct.txt (208 bytes security) (stored 0%)
adding: lo2.txt (208 bytes security) (deflated 82%)
adding: readme.txt (208 bytes security) (deflated 49%)
adding: report.txt (208 bytes security) (deflated 62%)
adding: test.txt (208 bytes security) (deflated 82%)
adding: test2.txt (208 bytes security) (deflated 17%)
adding: test3.txt (208 bytes security) (deflated 17%)
adding: test5.txt (208 bytes security) (deflated 17%)
adding: xfind.txt (208 bytes security) (deflated 78%)
adding: backregs/0E1631FA-7196-4854-B06A-EA5D604E99A8.reg (208 bytes security) (deflated 70%)
adding: backregs/56195B34-B3B4-4D01-A7F2-28E599D8D8AB.reg (208 bytes security) (deflated 70%)
adding: backregs/shell.reg (208 bytes security) (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: bgpanui.dll
deleting local copy: bgpanui.dll
deleting local copy: cql3dv2.dll
deleting local copy: cql3dv2.dll
deleting local copy: kkdtat.dll
deleting local copy: kkdtat.dll
deleting local copy: lppcd11n.dll
deleting local copy: lppcd11n.dll
deleting local copy: MDIMUSIC.DLL
deleting local copy: MDIMUSIC.DLL
deleting local copy: varifier.dll
deleting local copy: varifier.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\bgpanui.dll
C:\WINDOWS\system32\bgpanui.dll
C:\WINDOWS\system32\cql3dv2.dll
C:\WINDOWS\system32\cql3dv2.dll
C:\WINDOWS\system32\kkdtat.dll
C:\WINDOWS\system32\kkdtat.dll
C:\WINDOWS\system32\lppcd11n.dll
C:\WINDOWS\system32\lppcd11n.dll
C:\WINDOWS\system32\MDIMUSIC.DLL
C:\WINDOWS\system32\MDIMUSIC.DLL
C:\WINDOWS\system32\varifier.dll
C:\WINDOWS\system32\varifier.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}"=-
"{0E1631FA-7196-4854-B06A-EA5D604E99A8}"=-
[-HKEY_CLASSES_ROOT\CLSID\{56195B34-B3B4-4D01-A7F2-28E599D8D8AB}]
[-HKEY_CLASSES_ROOT\CLSID\{0E1631FA-7196-4854-B06A-EA5D604E99A8}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post

Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post

Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


---------------HIJACK THIS-----------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 4:20:27 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\r?ndll.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {2BFC5834-BDBD-472C-B8C5-E3ECBFE60CCA} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {B52A2108-4AA6-413E-A7F2-42E72CC703BD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D05F0ED2-FFB6-46E4-8A7C-E25A18A63DD7} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#10
ecrawfor
Posted 07 August 2005 - 05:30 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
You know what else?
Winfixer has not jumped in and redirected me in the spots where it did before.

I'm almost afraid to touch anything for fear it will reappear.
But things are feeling much better right now.
  • 0

Advertisements

#11
ecrawfor
Posted 07 August 2005 - 05:51 PM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'm starting to like my computer again...
  • 0

#12
tampabelle
Posted 07 August 2005 - 06:18 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Great news !!!


We still have a few infections on your PC.


Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.

Nailfix.exe
Double click on this file. It will create a new folder Nailfix on your desktop and place a couple of files in it.

2. Remove Infections

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

Surf Side Kick 3

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\SurfSideKick 3
C:\Program Files\apsi


Files
C:\WINDOWS\dinst.exe
C:\WINDOWS\cfgmgr52.dll
c:\windows\system32\tvhfmym.exe
C:\WINDOWS\system32\r?ndll.exe (please do not delete rundll.exe, a legitimate windows system file)

rtimodem.exe
perdsk.exe

(Search for these files using the Windows Search function)


Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch. It will open the folder Prefetch. Delete all the files in that folder. Dont delete the folder, only the files in it !!!!!!!!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.
  • 0

#13
ecrawfor
Posted 08 August 2005 - 01:28 AM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi.
Finally done.
Here's how it went.

Boy, that Ewido takes forever.

Please note, I must run in Admin user account when in safe mode,
but I use Owner user account when in normal mode.

NOTE 2: As I was starting to run hijack this, Ewido popped up and said
it found a virus - the aspi subdir that I just removed. Shoot.

All went pretty well except when trying to delete/remove etc the
lists of items you gave me.

I put a NO in front of the items in the list that were NOT there,
so I couldn't remove them.

Let me know what to do - I'll attack it tomorrow after work.
Thanks.

Below are a) the list with NO's , b) Ewido log c)HijackThis Log.

Ellen


NO R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
NO R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
NO R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
NO O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
NO O4 - HKCU\..\Run: [Slpa] C:\WINDOWS\system32\r?ndll.exe
NO O4 - HKCU\..\Run: [fwwmRUH7V] perdsk.exe
NO O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
NO O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
NO O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item).
Uninstall or remove the following items -

NO Surf Side Kick 3

Open Windows Explorer (right click on Start and then click on explore).
Locate and delete the following folders and files -Folders
NO C:\Program Files\SurfSideKick 3
C:\Program Files\apsi

Files
NO C:\WINDOWS\dinst.exe
NO C:\WINDOWS\cfgmgr52.dll
NO c:\windows\system32\tvhfmym.exe
No C:\WINDOWS\system32\r?ndll.exe (please do not delete rundll.exe, a legitimate windows system file)

NO rtimodem.exe
No perdsk.exe

Reboot the PC in Normal Mode.

Reboot went fine except it said "WLMON.exe failed to initialize properly"

Run Hijack This and post a fresh HJT log along with Ewido scan report.

----- EWIDO LOG-----------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:38:44 PM, 8/7/2005
+ Report-Checksum: 35C8C25B

+ Scan result:

:mozilla.15:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
:mozilla.16:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
:mozilla.17:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.18:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.19:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.20:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.22:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.30:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.31:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.32:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.33:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.34:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.46:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.47:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.55:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.61:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.62:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.95:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.99:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.100:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.103:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.105:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.106:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.110:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.111:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.113:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.115:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.116:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.118:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.119:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.121:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.122:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.123:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.124:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.126:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.127:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.129:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.131:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.132:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.253:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Error during cleaning
:mozilla.348:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Dbbsrv : Error during cleaning
:mozilla.454:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.474:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Trafic : Error during cleaning
:mozilla.480:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.485:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.486:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.499:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.501:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.540:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.541:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.546:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.547:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Specificpop : Error during cleaning
:mozilla.553:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.555:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.556:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.557:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.558:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.559:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.560:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.563:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.568:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.569:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.570:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.571:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.574:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.576:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.577:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.581:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.582:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.583:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.584:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.587:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.589:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.622:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Questionmarket : Error during cleaning
:mozilla.631:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.643:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.645:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.658:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.741:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Ivwbox : Error during cleaning
:mozilla.743:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hypertracker : Error during cleaning
:mozilla.795:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Findwhat : Error during cleaning
:mozilla.797:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.798:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.799:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.816:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.819:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.826:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.831:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.832:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.833:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.834:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.842:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.843:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.844:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.845:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.846:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.851:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.857:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.859:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.861:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.864:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.883:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.894:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.895:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.903:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.904:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.906:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.911:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.930:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
:mozilla.935:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Counted : Error during cleaning
:mozilla.974:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.975:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.978:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.993:C:\Program Files\Support.com\backup\Co\cookies.txt\100924_52974e880_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.8:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
:mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
:mozilla.18:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
:mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
:mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.28:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.30:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.32:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.42:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.50:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.51:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.59:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.66:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.67:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.99:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.103:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.104:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.107:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.109:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.110:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.114:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.115:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.117:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.119:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.120:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.122:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.123:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.125:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.126:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.127:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.128:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.130:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.131:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.133:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.135:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.136:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.257:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Error during cleaning
:mozilla.352:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Dbbsrv : Error during cleaning
:mozilla.458:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.478:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Trafic : Error during cleaning
:mozilla.484:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.489:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.490:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.503:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.505:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.544:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.545:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.550:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.551:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Specificpop : Error during cleaning
:mozilla.557:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.559:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.560:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.561:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.562:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.563:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.564:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.567:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.572:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.573:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.574:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.575:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.578:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.580:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.581:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.585:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.586:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.587:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.588:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.591:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.593:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.626:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Questionmarket : Error during cleaning
:mozilla.635:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.647:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.649:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.662:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.745:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Ivwbox : Error during cleaning
:mozilla.747:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hypertracker : Error during cleaning
:mozilla.799:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Findwhat : Error during cleaning
:mozilla.801:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.802:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.803:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Gator : Error during cleaning
:mozilla.820:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.823:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.830:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.835:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.836:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.837:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.838:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.846:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.847:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.848:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.849:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.850:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Hitslink : Error during cleaning
:mozilla.855:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.861:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.863:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.865:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.868:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.887:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.898:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.899:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.907:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
:mozilla.908:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.910:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Casalemedia : Error during cleaning
:mozilla.915:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.934:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
:mozilla.939:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Counted : Error during cleaning
:mozilla.980:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.994:C:\Program Files\Support.com\backup\Co\cookies.txt\100990_59a986d32_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.28:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.36:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.47:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
:mozilla.54:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.55:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.56:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.63:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.64:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.65:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.72:C:\Program Files\Support.com\backup\Co\cookies.txt\6100_5901a802c_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.9:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
:mozilla.10:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
:mozilla.18:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
:mozilla.24:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
:mozilla.25:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.26:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.27:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.29:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.31:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.37:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
:mozilla.38:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.39:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.40:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.41:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Pointroll : Error during cleaning
:mozilla.46:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.47:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.54:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.59:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.60:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.61:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.2o7 : Error during cleaning
:mozilla.89:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.92:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.93:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Adserver : Error during cleaning
:mozilla.96:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.98:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.99:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.103:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.104:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.106:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.108:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.109:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.111:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.112:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.114:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.115:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.116:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.117:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.119:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.120:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.122:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.124:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.125:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Esomniture : Error during cleaning
:mozilla.265:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Dbbsrv : Error during cleaning
:mozilla.351:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
:mozilla.369:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Trafic : Error during cleaning
:mozilla.374:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
:mozilla.379:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
:mozilla.391:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.393:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
:mozilla.423:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.424:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
:mozilla.428:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Specificclick : Error during cleaning
:mozilla.429:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Specificpop : Error during cleaning
:mozilla.435:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.437:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.438:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.439:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.440:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.441:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.442:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.445:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.450:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.451:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.452:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.453:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.456:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.458:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.459:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.462:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.463:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.464:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.465:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Serving-sys : Error during cleaning
:mozilla.468:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Liveperson : Error during cleaning
:mozilla.470:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Webtrendslive : Error during cleaning
:mozilla.494:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Questionmarket : Error during cleaning
:mozilla.498:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.506:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.508:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Overture : Error during cleaning
:mozilla.518:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.585:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hypertracker : Error during cleaning
:mozilla.631:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Findwhat : Error during cleaning
:mozilla.645:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.648:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.655:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.660:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
:mozilla.661:C:\Program Files\Support.com\backup\Co\cookies.txt\84659_5275d40d8_/cookies.txt -> Spyware.Cookie.Fastclick : Error during cleaning
:mozilla.666:C:\Program Files�
  • 0

#14
ecrawfor
Posted 08 August 2005 - 01:57 AM

ecrawfor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
It just occurred to me that
I posted the wrong HijackThis log.
Here is the one that I ran while I was in safe mode.
The one I supplied in the previous post was run in normal mode.

I'm getting tired.

--------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:40:30 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\virusfix\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WLMonWPC54G] C:\Program Files\Linksys\Wireless-G Notebook Adapter\WLMon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Quicken Startup.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {A219C52C-2A2A-4D66-BA9F-525346B79453} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B172770E-9A9C-4343-8760-86F34148C9F2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {D04EDD7D-3698-4900-A22C-0D71AE675CB8} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog2.games.sn...yog/y/fs9_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093579114519
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\cwshredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#15
tampabelle
Posted 08 August 2005 - 05:16 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download CleanUp
Install the program, dont run it yet, we will later.

Please download this file: Nailfix Utility
Save it to the C:\ folder. It will then be available to you even if you log into a different profile.
DO NOT run it yet.

Download dsrfix.zip
Save it to C:\ folder.
  • Unzip dsrfix.zip and extract it to C:\ folder.
  • This will create a new folder on your C:\ folder named dsrfix.
  • Do Not open that folder yet.
Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for tvhfmym.exe.
  • Open your C:\Windows\system32 folder and search for tvhfmym.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select tvhfmym.exe and Click Kill3
  • Then immediately delete tvhfmym.exe from your system32 folder.
Close APT.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping press F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now scan with HJT and place a checkmark next to each of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u7Fg38j] rtimodem.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [buriurv] c:\windows\system32\tvhfmym.exe r
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Now open the folder dsrfix in your C:\ folder.
  • Double-Click on dsrfix.bat
  • A window will pop up briefly then close, this is normal.
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

SurfSide Kick 3
ComcastSupport
Tioga

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\SurfSideKick 3

Files
C:\WINDOWS\cfgmgr52.dll
c:\windows\system32\tvhfmym.exe

rtimodem.exe

(Search for this file using the Windows Search function)


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log by using Add Reply
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP