Winfixer got me [RESOLVED]



#31 laura1717 (Member, Topic Starter, 33 posts)
Things are really looking better! Here are the results of the ActiveScan:

                  Detected  Disinfected
Virus                    0            0
Spyware                  0            0
Hacking Tools            0            0
Dialers                  0            0
Security Risks           0            0
Suspicious files         0            0

And here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:37:04 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetIQ VPN\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MalwareRemoval\TrojanHunter 4.2\THGuard.exe
C:\PROGRA~1\TCOYF\tcoyftray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MalwareRemoval\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\MalwareRemoval\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - HKCU\..\Run: [TCOYFReminder] C:\PROGRA~1\TCOYF\tcoyftray.exe
O4 - Startup: TDK Launcher.lnk = C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetIQ Corporation NetIQ VPN Client.lnk = C:\Program Files\NetIQ VPN\vpngui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt0_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct2_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt4_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.game...nts/y/vtj_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Trivia - http://download.game...ts/y/tvt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://agent.celebra...s/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://www.weightwat...oad/CfxIEAx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwia.ops.pl...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120172941656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intu...bles/ie/IDA.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amawebcasts....ent/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NetIQ VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks,
Laura
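Added example, not code from the thread's participants or from HijackThis: a small Python script that parses R/O entries like the ones in the log above and flags the kinds a helper looks up by hand first: an O2 BHO listed as "(no name)", an O4 Run entry that names a bare file with no directory, any O15 Trusted Zone site, an O16 Downloaded Program File with no source URL, and an O23 service whose owner is "Unknown owner". The sample lines are copied from the posted log. A flag means "look this up", not "malicious": the nameless BHO here sits in the Spybot folder, and the helper did not ask for any of these entries to be fixed.

```python
"""Triage of a HijackThis v1.99 log.

Added example for this thread; it is not code from the thread's participants or from
HijackThis. It parses the 'R'/'O' entries and flags the ones a malware-removal helper
would look up by hand first. A flag is a prompt for a manual check, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: Win32 Classes -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
BHO = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN = re.compile(r"^(.+?): \[(.*?)\] (.*)$")          # O4 Run-key entries only, not .lnk startup items
DPF = re.compile(r"^DPF: (.+?) -\s*(.*)$")
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def _o4_executable(command: str) -> str:
    """Return the program part of a Run-key command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Parse every R/O line and return the entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue                      # header, running-process list, blank lines
        section, body = m.groups()
        if section == "O2":
            b = BHO.match(body)
            if b and b.group(1) == "(no name)":
                findings.append(Finding(section, "BHO has no display name; look up the CLSID and DLL", line))
        elif section == "O4":
            r = RUN.match(body)
            if r and not any(c in _o4_executable(r.group(3)) for c in "\\:"):
                findings.append(Finding(section, "autorun names a bare file resolved through the search path; confirm which copy runs", line))
        elif section == "O15":
            findings.append(Finding(section, "site in the IE Trusted Zone gets relaxed security settings", line))
        elif section == "O16":
            d = DPF.match(body)
            if d and not d.group(2):
                findings.append(Finding(section, "Downloaded Program File with no source URL recorded", line))
        elif section == "O23":
            s = SERVICE.match(body)
            if s and s.group(2) == "Unknown owner":
                findings.append(Finding(section, "service binary carries no publisher information; verify the file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```

To run it over a saved log, call `triage(open("hijackthis.log", encoding="latin-1").read())`; everything that is not an R/O entry (the header and the running-process list) is skipped.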

#32 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Very good work!

Let's see if we can find those files now:

Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search"
    • Enter the drive, e.g. C:\
  • In the box labeled "Enter the file to search"
    • Enter the name of the file to search for
  • Now click on the "Find" button
  • Once the utility has found the files, click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, then copy and paste this information in your next post
You will have to do one search at a time: run the first and copy the log, then the second and copy the log, then the third, since it saves to export.txt each time.

thnall1a.exe
aurareco.exe
thnall1z.exe


Paste the results from each search here :)

Edited by Michelle, 17 August 2005 - 02:53 PM.


#33 laura1717 (Member, Topic Starter, 33 posts)
I'm not sure, but I think that this is good...

It couldn't find any of the files.

#34 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Yep, definitely a good thing!

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#35 laura1717 (Member, Topic Starter, 33 posts)
Here it is:

********
4:53 PM: |··· Start of Session, Wednesday, August 17, 2005 ···|
4:53 PM: Spy Sweeper started
4:53 PM: Sweep initiated using definitions version 519
4:53 PM: Starting Memory Sweep
4:56 PM: Memory Sweep Complete, Elapsed Time: 00:02:44
4:56 PM: Starting Registry Sweep
4:56 PM: Found Adware: begin2search
4:56 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
4:56 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
4:56 PM: Found Adware: hotsearchbar toolbar
4:56 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
4:56 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
4:56 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
4:56 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
4:56 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
4:56 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
4:56 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
4:56 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
4:56 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
4:56 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
4:56 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
4:56 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
4:56 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
4:56 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
4:56 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
4:56 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
4:56 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
4:56 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
4:56 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
4:56 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
4:56 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
4:56 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
4:56 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
4:56 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
4:56 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
4:56 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
4:56 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
4:56 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
4:56 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
4:56 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
4:56 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
4:56 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
4:56 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
4:56 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
4:56 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
4:56 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
4:56 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
4:56 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
4:56 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
4:56 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
4:56 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
4:56 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
4:56 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
4:56 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
4:56 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
4:56 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
4:56 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
4:56 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
4:56 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
4:56 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
4:56 PM: Found Adware: blazefind_adstat
4:56 PM: HKLM\software\classes\winstatx.installer\ (3 subtraces) (ID = 104588)
4:56 PM: HKCR\winstatx.installer\ (3 subtraces) (ID = 104594)
4:56 PM: Found Adware: bookedspace
4:56 PM: HKCR\bookedspace.extension.5\ (3 subtraces) (ID = 104858)
4:56 PM: HKLM\software\configuration manager\cfgmgr52\ (6 subtraces) (ID = 104873)
4:56 PM: Found Adware: clearsearch
4:56 PM: HKU\S-1-5-21-776561741-813497703-854245398-1003\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1004\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
4:56 PM: Found Adware: cws-aboutblank
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
4:56 PM: Found Adware: t.rack.cc hijacker
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\main\ || search page (ID = 123768)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\main\ || search bar (ID = 123769)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\main\ || start page (ID = 123772)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\search\ || searchassistant (ID = 123774)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\microsoft\internet explorer\main\ || homeoldsp (ID = 123776)
4:56 PM: Found Adware: internetoptimizer
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1005\software\policies\avenue media\ (ID = 128928)
4:56 PM: Found Adware: 180search assistant/zango
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1005\software\msbb\ (10 subtraces) (ID = 135781)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1005\software\salm\ (4 subtraces) (ID = 135792)
4:56 PM: Found Adware: syncroad
4:56 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/syncroadx.dll\ (2 subtraces) (ID = 143513)
4:56 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\syncroadx.dll (ID = 143515)
4:56 PM: Found Adware: abetterinternet
4:56 PM: HKLM\software\sdf7sdfgs324\ (ID = 146129)
4:56 PM: Found Adware: websearch toolbar
4:56 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (2 subtraces) (ID = 146482)
4:56 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow_as2.dll (ID = 146497)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1005\software\wintools\ (1 subtraces) (ID = 146514)
4:56 PM: Found Adware: winad
4:56 PM: HKLM\software\media access\ (8 subtraces) (ID = 147182)
4:56 PM: HKLM\software\windows adstatus\ (7 subtraces) (ID = 147240)
4:56 PM: Found Adware: icannnews
4:56 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
4:56 PM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
4:56 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
4:56 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
4:56 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
4:56 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
4:56 PM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
4:56 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
4:56 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
4:56 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
4:56 PM: Found Adware: cydoor
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-500\software\cydoor\ (2 subtraces) (ID = 639126)
4:56 PM: HKU\WRSS_Profile_S-1-5-21-776561741-813497703-854245398-1005\software\wintools\ (1 subtraces) (ID = 646241)
4:56 PM: Registry Sweep Complete, Elapsed Time:00:00:22
4:57 PM: Starting Cookie Sweep
4:57 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:57 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:57 PM: Starting File Sweep
4:57 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:58 PM: Found Adware: coolwebsearch (cws)
4:58 PM: mtwcnl32.dll (ID = 54330)
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
5:00 PM: Found Adware: shopathomeselect
5:00 PM: c:\windows\system32\sahimages (2 subtraces) (ID = -2147480329)
5:00 PM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
5:00 PM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
5:01 PM: icnfe.dll (ID = 54008)
5:01 PM: icqrt.dll (ID = 54187)
5:01 PM: icvbr.dll (ID = 54008)
5:01 PM: xcwer32.dll (ID = 54008)
5:01 PM: sdfup.dll (ID = 54008)
5:01 PM: cidft.dll (ID = 54008)
5:01 PM: cidpoq32.dll (ID = 54008)
5:01 PM: gupd.dll (ID = 54008)
5:01 PM: zxmsn.dll (ID = 54008)
5:01 PM: wecxg32.dll (ID = 54008)
5:03 PM: Found Adware: iwon
5:03 PM: iwonslot1,0,2,5.inf (ID = 64809)
5:04 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{18dcd232-17b7-436c-bec8-696e24a8bbc3}.bin". The process cannot access the file because it is being used by another process
5:05 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
5:10 PM: Found Adware: virtualbouncer
5:10 PM: c:\program files\vbouncer (ID = -2147477376)
5:11 PM: c:\program files\iwon (ID = -2147480793)
5:20 PM: Warning: Failed to open file "c:\documents and settings\belll\ntuser.dat". The process cannot access the file because it is being used by another process
5:20 PM: Warning: Failed to open file "c:\documents and settings\belll\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\belll\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\belll\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:21 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:23 PM: File Sweep Complete, Elapsed Time: 00:26:01
5:23 PM: Full Sweep has completed. Elapsed time 00:29:13
5:23 PM: Traces Found: 630
5:24 PM: Removal process initiated
5:24 PM: Quarantining All Traces: begin2search
5:24 PM: Quarantining All Traces: hotsearchbar toolbar
5:24 PM: Quarantining All Traces: blazefind_adstat
5:24 PM: Quarantining All Traces: bookedspace
5:24 PM: Quarantining All Traces: clearsearch
5:25 PM: Quarantining All Traces: cws-aboutblank
5:25 PM: Quarantining All Traces: t.rack.cc hijacker
5:25 PM: Quarantining All Traces: internetoptimizer
5:25 PM: Quarantining All Traces: 180search assistant/zango
5:25 PM: Quarantining All Traces: syncroad
5:25 PM: Quarantining All Traces: abetterinternet
5:25 PM: Quarantining All Traces: websearch toolbar
5:25 PM: Quarantining All Traces: winad
5:25 PM: Quarantining All Traces: icannnews
5:25 PM: Quarantining All Traces: cydoor
5:25 PM: Quarantining All Traces: coolwebsearch (cws)
5:25 PM: Quarantining All Traces: shopathomeselect
5:25 PM: Quarantining All Traces: iwon
5:25 PM: Quarantining All Traces: virtualbouncer
5:33 PM: Removal process completed. Elapsed time 00:08:15
********
4:52 PM: |··· Start of Session, Wednesday, August 17, 2005 ···|
4:52 PM: Spy Sweeper started
4:53 PM: |··· End of Session, Wednesday, August 17, 2005 ···|

#36 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Set your system to SHOW HIDDEN FILES

Then look in the C:\WINDOWS\system32 folder to see if you can find any of these files. They may have been deleted by SpySweeper, but I can't tell based on the log:

icnfe.dll
icqrt.dll
icvbr.dll
xcwer32.dll
sdfup.dll
cidft.dll
cidpoq32.dll
gupd.dll
zxmsn.dll
wecxg32.dll

Let me know if you find any of them, please.

Edited by Michelle, 17 August 2005 - 05:05 PM.

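Added example covering the two posts above (the Spy Sweeper session log in #35 and the request in #36 to look for the bare filenames in system32); it is not a tool from the thread's participants or from Webroot. The script pulls the File Sweep detections out of a session log, separates items the log recorded with a full path (like c:\windows\system32\sahimages) from items recorded as a bare filename (like icnfe.dll), and then searches a directory tree for those bare names case-insensitively, including hidden and system files, recording directories it could not read instead of stopping. The sample log lines are copied from the posted session; the directory tree the demo searches is constructed in a temporary folder.

```python
"""Spy Sweeper session-log follow-up.

Added example for this thread; it is not the tool or the log format of the thread's
participants. It (1) pulls the File Sweep detections out of a Spy Sweeper session log,
separating items logged with a full path from items logged as bare filenames, and
(2) searches a directory tree for those bare names, case-insensitively and including
hidden files, recording directories it could not read instead of aborting.
"""
import os
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample: lines copied from the session log posted above.
SAMPLE_SESSION_LOG = r"""
4:56 PM: Starting Registry Sweep
4:56 PM: Found Adware: begin2search
4:56 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
4:56 PM: Registry Sweep Complete, Elapsed Time:00:00:22
4:57 PM: Starting File Sweep
4:58 PM: Found Adware: coolwebsearch (cws)
4:58 PM: mtwcnl32.dll (ID = 54330)
4:58 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
5:00 PM: Found Adware: shopathomeselect
5:00 PM: c:\windows\system32\sahimages (2 subtraces) (ID = -2147480329)
5:01 PM: icnfe.dll (ID = 54008)
5:01 PM: cidpoq32.dll (ID = 54008)
5:23 PM: File Sweep Complete, Elapsed Time: 00:26:01
"""

# "<time>: <item> [(N subtraces)] (ID = <n>)"; Warning and Found lines do not match.
DETECTION = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.+?)(?: \(\d+ subtraces\))? \(ID = (-?\d+)\)$")


def file_sweep_detections(log_text):
    """Return (item, trace_id, has_path) for every detection in the File Sweep phase.

    The log names the adware family only when it first appears, not on every item,
    so no family is attached to individual entries here."""
    in_file_sweep = False
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Starting File Sweep"):
            in_file_sweep = True
            continue
        if "File Sweep Complete" in line:
            break
        if not in_file_sweep:
            continue
        m = DETECTION.match(line)
        if m:
            item, trace_id = m.group(1), int(m.group(2))
            out.append((item, trace_id, "\\" in item))
    return out


def bare_names(detections):
    """Lower-cased filenames that the log recorded without a directory."""
    return {item.lower() for item, _, has_path in detections if not has_path}


def _attributes(path):
    """Windows hidden/system flags for a path; empty list on other platforms."""
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)   # Windows only
    flags = []
    if attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2):
        flags.append("hidden")
    if attrs & getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4):
        flags.append("system")
    return flags


def find_files(root, names):
    """Every file under `root` whose name matches `names` (case-insensitive).

    os.walk does not skip hidden or system files, so 'show hidden files' is not
    needed. Unreadable directories are collected rather than raised; the session
    log above shows several 'Access is denied' warnings during a full sweep."""
    wanted = {n.lower() for n in names}
    hits, unreadable = [], []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for fn in filenames:
            if fn.lower() in wanted:
                full = os.path.join(dirpath, fn)
                hits.append((full, _attributes(full)))
    return hits, unreadable


def demo():
    """Run the search over a constructed directory tree; returns matched basenames."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp, "WINDOWS", "system32")
        sys32.mkdir(parents=True)
        (sys32 / "ICNFE.DLL").write_bytes(b"")      # constructed decoy, upper-case name
        (sys32 / "kernel32.dll").write_bytes(b"")   # constructed, must not match
        names = bare_names(file_sweep_detections(SAMPLE_SESSION_LOG))
        hits, _unreadable = find_files(tmp, names)
        return sorted(os.path.basename(p) for p, _flags in hits)


if __name__ == "__main__":
    for item, trace_id, has_path in file_sweep_detections(SAMPLE_SESSION_LOG):
        print(f"{'path' if has_path else 'name'}  {trace_id:>12}  {item}")
    print("found in demo tree:", demo())
```

On a real machine you would point `find_files` at `C:\` rather than a temporary folder; the `unreadable` list then tells you which directories the account could not open, which is the same information the sweep's "Access is denied" warnings carry.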

#37 laura1717 (Member, Topic Starter, 33 posts)
I didn't find any of them.

thanks,
Laura

#38 Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Great!

Are you having any other problems (besides with Norton)?

#39 laura1717 (Member, Topic Starter, 33 posts)
:) Nope. No pop-ups, no redirects, no warnings from Norton, no messages from Ewido....nothing!!!

:tazz:
Thanks to you, all is quiet on the home front!

I really appreciate all of your help!
Laura

#40
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You're very welcome! I'm happy to hear that! :tazz:

How old is Norton? Was it purchased relatively recently?

#41
laura1717

laura1717

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
No. It was originally purchased at least three years ago, but we've been renewing our subscription. It expires next February.

#42
laura1717

laura1717

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I went through the automated Norton Knowledge Base again to try to fix the Intrusion Detection files. It says that they have been corrupted and the automated system wasn't able to fix it. They suggest uninstalling and reinstalling the entire product, but that makes me nervous right now. Is it safe for me to go ahead and follow their instructions for that?

Also, is it good to leave SpySweeper up and running or would there be any sort of conflict between that and Spybot or Norton or Ewido?

Thanks,
Laura

#43
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

They suggest uninstalling and reinstalling the entire product, but that makes me nervous right now. Is it safe for me to go ahead and follow their instructions for that?

As long as you don't browse around on the Internet while Norton is not there it will be fine! How will you reinstall it when you have no disk for it?

If for any reason you can not reinstall Norton or have problems getting it to work, then I highly recommend replacing it with another anti-virus program. The following 3 are free and actually work much better than Norton:
  • Avast (free for home, non-commercial use only)
  • AVG
  • Anti-Vir
  • Do not install more than one Anti-Virus program!

Also, is it good to leave SpySweeper up and running or would there be any sort of conflict between that and Spybot or Norton or Ewido?

It will be fine, they won't conflict at all, but you can uninstall SpySweeper now if you don't want to keep it for the 2 week trial. :tazz:

You can delete all of the following:

l2mfix
fixvx2.reg
Killbox
Nailfix
Dsrfix
APT

I recommend keeping Cleanup to clear temporary internet files on occasion.
Ewido is a 2 week trial of the plus version, but after the 2 weeks is up it goes to the freeware version which can be updated and run as much as you want :)

Rehide system files:

Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please let me know how it goes with the anti-virus program and I will give you my recommendations to help prevent this in the future :)

#44
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
One more thing...
  • Download VX2Finder.
  • Double-click on VX2Finder.exe.
  • Click "Restore Policy".
  • In the File menu click "Exit".
How did it go with the anti-virus? :tazz:

#45
laura1717

laura1717

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Michelle, Travis here helping with this issue.
Uninstall of Norton says successful remove - it wants to restart but Spy Sweeper has popped up with "IsDeleteme - assessment unknown"

location C:\windows\system32\cmd.exe"/c"C:\DOCUME~1\BELLL\LOCALS~1\Temp\isDel.bat

Registry or Startup Folder: HKLM: Run Once

do I delete or ignore this or keep it?

Travis