As so many of you on here, I'm experiencing problems with all the spyware/pop-up/etc. junk. I've seen WinFixer, Aurora, and VX2. I'm sure there's more. I've followed all the directions in the "read before you post...." thread and completed all those steps. Here's my logs....any help would be greatly appreciated!
Ewido Scan:
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:33:47 AM, 8/6/2005
+ Report-Checksum: 7F93690E
+ Scan result:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
[424] C:\WINNT\system32\DrPMon.dll -> Adware.BetterInternet : Error during cleaning
[784] VM_00D20000 -> Adware.BetterInternet : Error during cleaning
[1244] C:\WINNT\system32\WinStat13.dll -> Spyware.Winsta : Cleaned with backup
[848] c:\winnt\system32\hmiybjk.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\epx30104.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\ekjkid.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\epx30105.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINNT\system32\oeibic.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINNT\system32\epx30106.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINNT\system32\qkgppc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\fthrui.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\nipddr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\dvqwvgx.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\sbftqo.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\hmiybjk.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\WinStat11.dll -> Spyware.Winsta : Cleaned with backup
C:\WINNT\system32\WinStat12.dll -> Spyware.Winsta : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__fhoxe.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__dyfa.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINNT\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINNT\xqqrgd.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Administrator\installer_MARKETING35.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Program Files\Common Files\qfmu\qfmua.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\qfmu\qfmul.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\qfmu\qfmup.exe -> Spyware.Xupiter : Cleaned with backup
C:\42.exe -> Spyware.Hijacker.Generic : Cleaned with backup
::Report End
Hijack This Scan:
Logfile of HijackThis v1.99.1
Scan saved at 10:37:31 AM, on 8/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\stao\drau.exe
C:\WINNT\system32\m?hta.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\winnt\system32\lcvsgo.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINNT\system32\WinStat13.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINNT\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8D50CB7D-7A99-7939-BE0C-7B2281181394} - C:\WINNT\system32\dyfa.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [iwpovu] c:\winnt\system32\lcvsgo.exe r
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [qfmu] C:\PROGRA~1\COMMON~1\qfmu\qfmum.exe
O4 - HKCU\..\Run: [Wslo] C:\Program Files\stao\drau.exe
O4 - HKCU\..\Run: [Chm] C:\WINNT\system32\m?hta.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O15 - Trusted Zone: http://www.neededware.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe