Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Computer is Really Messed Up [CLOSED]

Started by johnsohn , Aug 16 2005 10:00 PM

  • This topic is locked This topic is locked

#1
johnsohn
Posted 16 August 2005 - 10:00 PM

johnsohn

    New Member

  • Member
  • Pip
  • 7 posts
Hi, I'm new here. I found this website while trying to fix my computer (to no avail). I'm horrible with computers, and I'm not really sure what's wrong with my computer. After I do the Ad-aware scan, most of the problems keep coming back, so I was hoping this forum would help me fix my computer!

Logfile of HijackThis v1.99.1
Scan saved at 8:48:16 PM, on 8/16/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\am9obgAA\command.exe
C:\WINNT\system32\zewmgavh6.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ewpxilqv6.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ovcour.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\KEYBDMGR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Netropa\Onscre~1\OSD.exe
C:\WINNT\system32\wuwlziex.exe
C:\WINNT\iisver.exe
C:\WINNT\system32\fstopjpf.exe
C:\WINNT\system32\yqrafrkf.exe
C:\WINNT\system32\ylxylekb.exe
C:\WINNT\system32\hwrynevi.exe
C:\WINNT\system32\njnjyfyd.exe
C:\Documents and Settings\john\Desktop\HijackThis.exe
C:\WINNT\system32\pkotzzss.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\tddatymb.exe
C:\WINNT\system32\cijpgyhk.exe
C:\WINNT\system32\irozlsrj.exe
C:\WINNT\system32\ianytwpd.exe
C:\WINNT\system32\myjdwjkz.exe
C:\WINNT\system32\fqmbdpzj.exe
C:\WINNT\system32\krmpbtpj.exe
C:\WINNT\system32\ewigtdol.exe
C:\Program Files\Opera\Opera.exe
C:\WINNT\system32\zsckagyl.exe
C:\DOCUME~1\john\LOCALS~1\Temp\BMV\aurareco.exe
C:\WINNT\system32\jpoxyfcz.exe
C:\WINNT\system32\hnyijeob.exe
C:\WINNT\system32\zywnbiey.exe
C:\WINNT\system32\qaiuzwsj.exe
C:\WINNT\system32\uprowjtm.exe
C:\WINNT\system32\sspaprjh.exe
C:\WINNT\system32\lkrcdzjz.exe
C:\WINNT\system32\mvgdoydf.exe
C:\WINNT\system32\osiyagsg.exe
C:\WINNT\system32\roaaeskx.exe
C:\WINNT\system32\poyfvppd.exe
C:\WINNT\system32\aranhral.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMUSBKB2.EXE
C:\WINNT\system32\ccpqnncs.exe
C:\WINNT\system32\ps1.exe
C:\WINNT\system32\exp.exe
C:\WINNT\system32\wintask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\system32\izobnmub.exe
C:\WINNT\system32\tlfhsogr.exe
C:\WINNT\system32\nguvjlfl.exe
C:\WINNT\system32\hajrbpmy.exe
C:\WINNT\system32\avymsmks.exe
C:\WINNT\system32\qnlvrhzu.exe
C:\WINNT\system32\kharrmxo.exe
C:\WINNT\system32\xpluxhtf.exe
C:\WINNT\system32\rjaiodsr.exe
C:\WINNT\system32\htnzvhgb.exe
C:\WINNT\system32\xdihucmc.exe
C:\WINNT\system32\rypvmztx.exe
C:\Program Files\Opera\Opera.exe
C:\WINNT\system32\efhyacho.exe
C:\WINNT\system32\ocgwwekc.exe
C:\WINNT\system32\okjdycuk.exe
C:\WINNT\system32\lpseazlp.exe
C:\WINNT\system32\bznuhuzq.exe
C:\WINNT\system32\vbuizzyl.exe
C:\WINNT\system32\ovjeqvfx.exe
C:\WINNT\system32\odvltton.exe
C:\WINNT\system32\pkyrnryd.exe
C:\WINNT\system32\vfukqsjy.exe
C:\WINNT\system32\fjwgpkwu.exe
C:\WINNT\system32\iomyevfp.exe
C:\WINNT\system32\exp.exe
C:\WINNT\system32\ls44kl.exe
C:\WINNT\etb\pokapoka63.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINNT\dinst.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINNT\vchcs.exe
C:\WINNT\system32\rypvmztx.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.23.153.20:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll
O2 - BHO: (no name) - {1759C4FF-7293-D248-3126-C687B607B173} - C:\WINNT\system32\tcfknxjh.dll
O2 - BHO: (no name) - {17C84A96-C41D-5AD2-88B0-25EAB98B2F37} - C:\WINNT\system32\vpyuajdc.dll
O2 - BHO: (no name) - {31C878E5-5044-AC4A-3C51-B1521BB55BD0} - C:\WINNT\system32\golmccxo.dll
O2 - BHO: (no name) - {33192572-7DF2-AC54-453C-B2BE91B44574} - C:\WINNT\system32\xslrtclx.dll
O2 - BHO: (no name) - {52D62940-1BF4-7244-668B-C30CFAD5863E} - C:\WINNT\system32\ekpiuwvn.dll
O2 - BHO: (no name) - {57ACB5C2-167F-6150-3371-53ABFD4110B8} - C:\WINNT\system32\yzaztkwn.dll
O2 - BHO: (no name) - {5D16C870-7508-E94F-3E01-93063153BBAD} - C:\WINNT\system32\civhjqzn.dll
O2 - BHO: (no name) - {606720CE-2A57-F91F-9BD6-7E7ED278F8D0} - C:\WINNT\system32\yksvwoux.dll
O2 - BHO: (no name) - {682E6711-F2BC-9F50-A1F6-0C026BCB18E2} - C:\WINNT\system32\tvurdkdf.dll
O2 - BHO: (no name) - {6BABD798-1E1C-7B0B-F91D-C793ED7848A2} - C:\WINNT\system32\ugfrxcxi.dll
O2 - BHO: (no name) - {79A68E19-3F94-392A-9F64-DCD206519035} - C:\WINNT\system32\imqgulhk.dll
O2 - BHO: (no name) - {7A7C3BB0-0C94-6E69-708C-264C01B2131F} - C:\WINNT\system32\ehvvvhxd.dll
O2 - BHO: (no name) - {7D7AA5C5-370B-F2A8-39BF-E5E21662DB5D} - C:\WINNT\system32\wyycbmpl.dll
O2 - BHO: (no name) - {7E60DDF1-E451-8E0E-F23F-ACE3AD7690F2} - C:\WINNT\system32\mugunymk.dll
O2 - BHO: (no name) - {82A4B26C-9E89-0EF8-397E-C2F748649EF7} - C:\WINNT\system32\qmrzfcuw.dll
O2 - BHO: (no name) - {A30753D9-5123-B970-CDA9-810FE4F88C65} - C:\WINNT\system32\kbpxaocj.dll
O2 - BHO: (no name) - {AB57E75B-2F84-3E13-3A1D-59E55D409A2F} - C:\WINNT\system32\bmqwrctt.dll
O2 - BHO: (no name) - {ACE828C9-DEA4-A742-6B97-9DA2F2C2A40C} - C:\WINNT\system32\qzlzwuxs.dll (file missing)
O2 - BHO: (no name) - {AECEE20A-6D5C-9811-0891-513FE5F8D7A3} - C:\WINNT\system32\vqsucqhs.dll
O2 - BHO: (no name) - {B5144FE0-565E-9158-6B8F-826F708E28B8} - C:\WINNT\system32\uvekisgo.dll
O2 - BHO: (no name) - {BC2925B5-E97B-DE43-274A-19639008F481} - C:\WINNT\system32\muvzghwm.dll
O2 - BHO: (no name) - {D3359242-B216-EB45-DEB9-2835CB3BD589} - C:\WINNT\system32\fflnsikt.dll
O2 - BHO: (no name) - {D585B68F-0623-115F-A226-E667817DFA73} - C:\WINNT\system32\fsxqwzmh.dll
O2 - BHO: (no name) - {E76578EE-C10F-E1D1-C4E2-A4CDEFBCD86D} - C:\WINNT\system32\lbifyvjx.dll
O2 - BHO: (no name) - {EE95AD4F-52EF-4F42-4917-3C3F560B2E23} - C:\WINNT\system32\uggopekq.dll
O2 - BHO: (no name) - {F23C9DBE-5C4E-ECF7-A652-E8CC14D91DA6} - C:\WINNT\system32\jnxaxfqg.dll
O2 - BHO: (no name) - {F4B4287A-E39B-221A-189F-2A73A91FE31E} - C:\WINNT\system32\apnpbyxa.dll
O2 - BHO: (no name) - {F59162F9-7657-2276-17DA-63496DCD8D12} - C:\WINNT\system32\imijznyc.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LIU] d:\program files\RUBICON.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wuwlziex] C:\WINNT\system32\wuwlziex.exe
O4 - HKLM\..\Run: [iisver] C:\WINNT\iisver.exe
O4 - HKLM\..\Run: [fstopjpf] C:\WINNT\system32\fstopjpf.exe
O4 - HKLM\..\Run: [yqrafrkf] C:\WINNT\system32\yqrafrkf.exe
O4 - HKLM\..\Run: [ylxylekb] C:\WINNT\system32\ylxylekb.exe
O4 - HKLM\..\Run: [hwrynevi] C:\WINNT\system32\hwrynevi.exe
O4 - HKLM\..\Run: [njnjyfyd] C:\WINNT\system32\njnjyfyd.exe
O4 - HKLM\..\Run: [pkotzzss] C:\WINNT\system32\pkotzzss.exe
O4 - HKLM\..\Run: [tddatymb] C:\WINNT\system32\tddatymb.exe
O4 - HKLM\..\Run: [cijpgyhk] C:\WINNT\system32\cijpgyhk.exe
O4 - HKLM\..\Run: [irozlsrj] C:\WINNT\system32\irozlsrj.exe
O4 - HKLM\..\Run: [ianytwpd] C:\WINNT\system32\ianytwpd.exe
O4 - HKLM\..\Run: [myjdwjkz] C:\WINNT\system32\myjdwjkz.exe
O4 - HKLM\..\Run: [fqmbdpzj] C:\WINNT\system32\fqmbdpzj.exe
O4 - HKLM\..\Run: [krmpbtpj] C:\WINNT\system32\krmpbtpj.exe
O4 - HKLM\..\Run: [ewigtdol] C:\WINNT\system32\ewigtdol.exe
O4 - HKLM\..\Run: [zsckagyl] C:\WINNT\system32\zsckagyl.exe
O4 - HKLM\..\Run: [jpoxyfcz] C:\WINNT\system32\jpoxyfcz.exe
O4 - HKLM\..\Run: [hnyijeob] C:\WINNT\system32\hnyijeob.exe
O4 - HKLM\..\Run: [zywnbiey] C:\WINNT\system32\zywnbiey.exe
O4 - HKLM\..\Run: [qaiuzwsj] C:\WINNT\system32\qaiuzwsj.exe
O4 - HKLM\..\Run: [uprowjtm] C:\WINNT\system32\uprowjtm.exe
O4 - HKLM\..\Run: [sspaprjh] C:\WINNT\system32\sspaprjh.exe
O4 - HKLM\..\Run: [lkrcdzjz] C:\WINNT\system32\lkrcdzjz.exe
O4 - HKLM\..\Run: [mvgdoydf] C:\WINNT\system32\mvgdoydf.exe
O4 - HKLM\..\Run: [osiyagsg] C:\WINNT\system32\osiyagsg.exe
O4 - HKLM\..\Run: [roaaeskx] C:\WINNT\system32\roaaeskx.exe
O4 - HKLM\..\Run: [poyfvppd] C:\WINNT\system32\poyfvppd.exe
O4 - HKLM\..\Run: [aranhral] C:\WINNT\system32\aranhral.exe
O4 - HKLM\..\Run: [ccpqnncs] C:\WINNT\system32\ccpqnncs.exe
O4 - HKLM\..\Run: [PS1] C:\WINNT\system32\ps1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteewc32.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ezdymu] c:\winnt\system32\ezdymu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [izobnmub] C:\WINNT\system32\izobnmub.exe
O4 - HKLM\..\Run: [tlfhsogr] C:\WINNT\system32\tlfhsogr.exe
O4 - HKLM\..\Run: [nguvjlfl] C:\WINNT\system32\nguvjlfl.exe
O4 - HKLM\..\Run: [hajrbpmy] C:\WINNT\system32\hajrbpmy.exe
O4 - HKLM\..\Run: [avymsmks] C:\WINNT\system32\avymsmks.exe
O4 - HKLM\..\Run: [qnlvrhzu] C:\WINNT\system32\qnlvrhzu.exe
O4 - HKLM\..\Run: [kharrmxo] C:\WINNT\system32\kharrmxo.exe
O4 - HKLM\..\Run: [xpluxhtf] C:\WINNT\system32\xpluxhtf.exe
O4 - HKLM\..\Run: [rjaiodsr] C:\WINNT\system32\rjaiodsr.exe
O4 - HKLM\..\Run: [htnzvhgb] C:\WINNT\system32\htnzvhgb.exe
O4 - HKLM\..\Run: [xdihucmc] C:\WINNT\system32\xdihucmc.exe
O4 - HKLM\..\Run: [rypvmztx] C:\WINNT\system32\rypvmztx.exe
O4 - HKLM\..\Run: [efhyacho] C:\WINNT\system32\efhyacho.exe
O4 - HKLM\..\Run: [ocgwwekc] C:\WINNT\system32\ocgwwekc.exe
O4 - HKLM\..\Run: [okjdycuk] C:\WINNT\system32\okjdycuk.exe
O4 - HKLM\..\Run: [lpseazlp] C:\WINNT\system32\lpseazlp.exe
O4 - HKLM\..\Run: [bznuhuzq] C:\WINNT\system32\bznuhuzq.exe
O4 - HKLM\..\Run: [vbuizzyl] C:\WINNT\system32\vbuizzyl.exe
O4 - HKLM\..\Run: [ovjeqvfx] C:\WINNT\system32\ovjeqvfx.exe
O4 - HKLM\..\Run: [odvltton] C:\WINNT\system32\odvltton.exe
O4 - HKLM\..\Run: [pkyrnryd] C:\WINNT\system32\pkyrnryd.exe
O4 - HKLM\..\Run: [vfukqsjy] C:\WINNT\system32\vfukqsjy.exe
O4 - HKLM\..\Run: [fjwgpkwu] C:\WINNT\system32\fjwgpkwu.exe
O4 - HKLM\..\Run: [iomyevfp] C:\WINNT\system32\iomyevfp.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sxudwd] C:\WINNT\sxudwd.exe
O4 - HKLM\..\Run: [exp] C:\WINNT\system32\exp
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [MfdpW] C:\WINNT\vchcs.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\aranhral.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [od-teen1] c:\program files\OnlineDialer\od-teen1.exe -m
O4 - HKCU\..\Run: [od-teen49] c:\program files\OnlineDialer\od-teen49.exe -m
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [umrr] C:\PROGRA~1\COMMON~1\umrr\umrrm.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: nipp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\john\aim.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\am9obgAA\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: wfikgjmhyfrp (dtmqwfoz6) - Unknown owner - C:\WINNT\system32\zewmgavh6.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: zxkesoanzokc (lyynodhq6) - Unknown owner - C:\WINNT\system32\ewpxilqv6.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe

Thanks in advanced!

Edit:

Woops, I forgot to say what happens to my computer. Usually after 5 minutes after logging in, 3 process errors always pop-up (exp.exe, wintask.exe, and I don't remember the other one). Then the virtual memory goes out and none of the programs will launch. IE never works, so I use Opera. My computer has never been slower than this before!

Edited by johnsohn, 16 August 2005 - 10:21 PM.

  • 0

Advertisements

#2
andydf
Posted 19 August 2005 - 05:35 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hello johnsohn and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++
Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.

Andy :tazz:
  • 0

#3
johnsohn
Posted 19 August 2005 - 06:02 PM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Andy! I'm so thankful that people are willing to help me!

So I just did the ewido scan and I'll post the hijackthis scan logs in a bit.

Woops, I think I'll have to put it in another post (won't fit here)

Edit:

Oh yea, and there are still some problems:

-I still can't start a program after 5 minutes of logging in
-The desktop and start bar freeze up after 5 minutes

Other than that, everything else is fine!

Edited by johnsohn, 19 August 2005 - 07:19 PM.

  • 0

#4
johnsohn
Posted 19 August 2005 - 06:59 PM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:31:22 PM, 8/19/2005
+ Report-Checksum: 627CC710

+ Scan result:

HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-448539723-1993962763-1060284298-1001\Software\DelFin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-448539723-1993962763-1060284298-1001\Software\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-448539723-1993962763-1060284298-1001\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-448539723-1993962763-1060284298-1001\Software\LQ -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SLY3CHMB\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
:mozilla.9:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.26:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.27:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.29:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.43:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.46:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.59:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.125:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.146:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.147:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\a2o3fimw.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.6:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.17:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.80:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.81:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.87:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.102:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.128:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.143:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.144:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.161:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.170:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.173:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.187:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.189:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.190:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.191:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\default.0rw\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\john\Cookies\john@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\john\Cookies\john@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\john\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\john\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\john\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\john\Cookies\john@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\john\Cookies\[email protected][2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\john\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\john\Local Settings\Temp\180SAAX.cab/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\john\Local Settings\Temp\64.tmp\thnall1z.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Del44.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Del55.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Del83.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\DelD2.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\MediaGateway2 -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\res45.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\res85.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\temp.frD265 -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1EJCHMZ\exitpoplight1[1].htm -> Trojan.NoClose.i : Cleaned with backup
C:\Documents and Settings\john\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1EJCHMZ\exitpop[1].htm -> Trojan.NoClose.i : Cleaned with backup
:mozilla.8:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.52:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.53:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.54:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.55:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.56:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.58:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.107:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.108:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.109:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.110:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.111:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.112:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.113:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.114:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.115:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\meeyoung\Application Data\Mozilla\Firefox\Profiles\0hwl2xln.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\m
  • 0

#5
johnsohn
Posted 19 August 2005 - 07:10 PM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:50:01 PM, on 8/19/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Opera\Opera.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\john\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.23.153.20:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: (no name) - {1759C4FF-7293-D248-3126-C687B607B173} - C:\WINNT\system32\tcfknxjh.dll (file missing)
O2 - BHO: (no name) - {17C84A96-C41D-5AD2-88B0-25EAB98B2F37} - C:\WINNT\system32\vpyuajdc.dll (file missing)
O2 - BHO: (no name) - {31C878E5-5044-AC4A-3C51-B1521BB55BD0} - C:\WINNT\system32\golmccxo.dll (file missing)
O2 - BHO: (no name) - {33192572-7DF2-AC54-453C-B2BE91B44574} - C:\WINNT\system32\xslrtclx.dll (file missing)
O2 - BHO: (no name) - {52D62940-1BF4-7244-668B-C30CFAD5863E} - C:\WINNT\system32\ekpiuwvn.dll (file missing)
O2 - BHO: (no name) - {57ACB5C2-167F-6150-3371-53ABFD4110B8} - C:\WINNT\system32\yzaztkwn.dll (file missing)
O2 - BHO: (no name) - {5D16C870-7508-E94F-3E01-93063153BBAD} - C:\WINNT\system32\civhjqzn.dll (file missing)
O2 - BHO: (no name) - {606720CE-2A57-F91F-9BD6-7E7ED278F8D0} - C:\WINNT\system32\yksvwoux.dll (file missing)
O2 - BHO: (no name) - {682E6711-F2BC-9F50-A1F6-0C026BCB18E2} - C:\WINNT\system32\tvurdkdf.dll (file missing)
O2 - BHO: (no name) - {6BABD798-1E1C-7B0B-F91D-C793ED7848A2} - C:\WINNT\system32\ugfrxcxi.dll (file missing)
O2 - BHO: (no name) - {79A68E19-3F94-392A-9F64-DCD206519035} - C:\WINNT\system32\imqgulhk.dll (file missing)
O2 - BHO: (no name) - {7A7C3BB0-0C94-6E69-708C-264C01B2131F} - C:\WINNT\system32\ehvvvhxd.dll (file missing)
O2 - BHO: (no name) - {7D7AA5C5-370B-F2A8-39BF-E5E21662DB5D} - C:\WINNT\system32\wyycbmpl.dll (file missing)
O2 - BHO: (no name) - {7E60DDF1-E451-8E0E-F23F-ACE3AD7690F2} - C:\WINNT\system32\mugunymk.dll (file missing)
O2 - BHO: (no name) - {82A4B26C-9E89-0EF8-397E-C2F748649EF7} - C:\WINNT\system32\qmrzfcuw.dll (file missing)
O2 - BHO: (no name) - {A30753D9-5123-B970-CDA9-810FE4F88C65} - C:\WINNT\system32\kbpxaocj.dll (file missing)
O2 - BHO: (no name) - {AB57E75B-2F84-3E13-3A1D-59E55D409A2F} - C:\WINNT\system32\bmqwrctt.dll (file missing)
O2 - BHO: (no name) - {ACE828C9-DEA4-A742-6B97-9DA2F2C2A40C} - C:\WINNT\system32\qzlzwuxs.dll (file missing)
O2 - BHO: (no name) - {AECEE20A-6D5C-9811-0891-513FE5F8D7A3} - C:\WINNT\system32\vqsucqhs.dll (file missing)
O2 - BHO: (no name) - {B5144FE0-565E-9158-6B8F-826F708E28B8} - C:\WINNT\system32\uvekisgo.dll (file missing)
O2 - BHO: (no name) - {BC2925B5-E97B-DE43-274A-19639008F481} - C:\WINNT\system32\muvzghwm.dll (file missing)
O2 - BHO: (no name) - {D3359242-B216-EB45-DEB9-2835CB3BD589} - C:\WINNT\system32\fflnsikt.dll (file missing)
O2 - BHO: (no name) - {D585B68F-0623-115F-A226-E667817DFA73} - C:\WINNT\system32\fsxqwzmh.dll (file missing)
O2 - BHO: (no name) - {E76578EE-C10F-E1D1-C4E2-A4CDEFBCD86D} - C:\WINNT\system32\lbifyvjx.dll (file missing)
O2 - BHO: (no name) - {EE95AD4F-52EF-4F42-4917-3C3F560B2E23} - C:\WINNT\system32\uggopekq.dll (file missing)
O2 - BHO: (no name) - {F23C9DBE-5C4E-ECF7-A652-E8CC14D91DA6} - C:\WINNT\system32\jnxaxfqg.dll (file missing)
O2 - BHO: (no name) - {F4B4287A-E39B-221A-189F-2A73A91FE31E} - C:\WINNT\system32\apnpbyxa.dll (file missing)
O2 - BHO: (no name) - {F59162F9-7657-2276-17DA-63496DCD8D12} - C:\WINNT\system32\imijznyc.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LIU] d:\program files\RUBICON.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iisver] C:\WINNT\iisver.exe
O4 - HKLM\..\Run: [fqmbdpzj] C:\WINNT\system32\fqmbdpzj.exe
O4 - HKLM\..\Run: [krmpbtpj] C:\WINNT\system32\krmpbtpj.exe
O4 - HKLM\..\Run: [ewigtdol] C:\WINNT\system32\ewigtdol.exe
O4 - HKLM\..\Run: [zsckagyl] C:\WINNT\system32\zsckagyl.exe
O4 - HKLM\..\Run: [jpoxyfcz] C:\WINNT\system32\jpoxyfcz.exe
O4 - HKLM\..\Run: [hnyijeob] C:\WINNT\system32\hnyijeob.exe
O4 - HKLM\..\Run: [zywnbiey] C:\WINNT\system32\zywnbiey.exe
O4 - HKLM\..\Run: [qaiuzwsj] C:\WINNT\system32\qaiuzwsj.exe
O4 - HKLM\..\Run: [uprowjtm] C:\WINNT\system32\uprowjtm.exe
O4 - HKLM\..\Run: [sspaprjh] C:\WINNT\system32\sspaprjh.exe
O4 - HKLM\..\Run: [lkrcdzjz] C:\WINNT\system32\lkrcdzjz.exe
O4 - HKLM\..\Run: [mvgdoydf] C:\WINNT\system32\mvgdoydf.exe
O4 - HKLM\..\Run: [osiyagsg] C:\WINNT\system32\osiyagsg.exe
O4 - HKLM\..\Run: [roaaeskx] C:\WINNT\system32\roaaeskx.exe
O4 - HKLM\..\Run: [poyfvppd] C:\WINNT\system32\poyfvppd.exe
O4 - HKLM\..\Run: [aranhral] C:\WINNT\system32\aranhral.exe
O4 - HKLM\..\Run: [ccpqnncs] C:\WINNT\system32\ccpqnncs.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ezdymu] c:\winnt\system32\ezdymu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [izobnmub] C:\WINNT\system32\izobnmub.exe
O4 - HKLM\..\Run: [tlfhsogr] C:\WINNT\system32\tlfhsogr.exe
O4 - HKLM\..\Run: [nguvjlfl] C:\WINNT\system32\nguvjlfl.exe
O4 - HKLM\..\Run: [hajrbpmy] C:\WINNT\system32\hajrbpmy.exe
O4 - HKLM\..\Run: [avymsmks] C:\WINNT\system32\avymsmks.exe
O4 - HKLM\..\Run: [qnlvrhzu] C:\WINNT\system32\qnlvrhzu.exe
O4 - HKLM\..\Run: [kharrmxo] C:\WINNT\system32\kharrmxo.exe
O4 - HKLM\..\Run: [xpluxhtf] C:\WINNT\system32\xpluxhtf.exe
O4 - HKLM\..\Run: [rjaiodsr] C:\WINNT\system32\rjaiodsr.exe
O4 - HKLM\..\Run: [htnzvhgb] C:\WINNT\system32\htnzvhgb.exe
O4 - HKLM\..\Run: [xdihucmc] C:\WINNT\system32\xdihucmc.exe
O4 - HKLM\..\Run: [rypvmztx] C:\WINNT\system32\rypvmztx.exe
O4 - HKLM\..\Run: [efhyacho] C:\WINNT\system32\efhyacho.exe
O4 - HKLM\..\Run: [ocgwwekc] C:\WINNT\system32\ocgwwekc.exe
O4 - HKLM\..\Run: [okjdycuk] C:\WINNT\system32\okjdycuk.exe
O4 - HKLM\..\Run: [lpseazlp] C:\WINNT\system32\lpseazlp.exe
O4 - HKLM\..\Run: [bznuhuzq] C:\WINNT\system32\bznuhuzq.exe
O4 - HKLM\..\Run: [vbuizzyl] C:\WINNT\system32\vbuizzyl.exe
O4 - HKLM\..\Run: [ovjeqvfx] C:\WINNT\system32\ovjeqvfx.exe
O4 - HKLM\..\Run: [odvltton] C:\WINNT\system32\odvltton.exe
O4 - HKLM\..\Run: [pkyrnryd] C:\WINNT\system32\pkyrnryd.exe
O4 - HKLM\..\Run: [vfukqsjy] C:\WINNT\system32\vfukqsjy.exe
O4 - HKLM\..\Run: [fjwgpkwu] C:\WINNT\system32\fjwgpkwu.exe
O4 - HKLM\..\Run: [iomyevfp] C:\WINNT\system32\iomyevfp.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sxudwd] C:\WINNT\sxudwd.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [od-teen1] c:\program files\OnlineDialer\od-teen1.exe -m
O4 - HKCU\..\Run: [od-teen49] c:\program files\OnlineDialer\od-teen49.exe -m
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [umrr] C:\PROGRA~1\COMMON~1\umrr\umrrm.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: nipp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\john\aim.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\am9obgAA\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: wfikgjmhyfrp (dtmqwfoz6) - Unknown owner - C:\WINNT\system32\zewmgavh6.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: zxkesoanzokc (lyynodhq6) - Unknown owner - C:\WINNT\system32\ewpxilqv6.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe


Uninstall List:


Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0
Adobe Type Manager 4.0
AOL Instant Messenger
Apple QuickTime Installer
BM Win app
CGI-lid
Command
DivX
DivX Player
Dolet Light for Finale 2005
DV5 Plus
EasyStudio II File Manager
ewido security suite
Finale 2005
Finale Performance Assessment
GameGuard
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
ImageWalker 2.01 (remove only)
J2SE Runtime Environment 5.0 Update 4
LimeWire 4.8.1
Logitech ImageStudio
Macromedia Shockwave Player
MeetingBox
Microsoft Data Access Components KB870669
Microsoft NetShow Tools 2.0
Microsoft Office XP Professional with FrontPage
Microsoft VGX Q833989
Miniature Tetris
mIRC
Monopoly
Mozilla Firefox (1.0.6)
nProtect KeyCrypt
One-touch Multimedia Keyboard
Opera
Outlook Express Q823353
Practice Makes Perfect German
QuickTime
Samsung Mobile USB Modem Software
Shareaza version 2.1.0.0
Shockwave
Snood for Windows version 3.01-W
Switch Uninstall
TSA
Viewpoint Media Player
WavePad Uninstall
Win Search
Winamp (remove only)
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828028
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB873339
Windows 2000 Hotfix - KB885835
Windows 2000 Hotfix - KB885836
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix (Pre-SP4) [See Q320206 for more information]
Windows 2000 Hotfix (Pre-SP4) [See q323172 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q324096 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q324380 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326830 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q326886 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329115 for more information]
Windows 2000 Hotfix (Pre-SP4) [See Q329834 for more information]
Windows 2000 Hotfix (Pre-SP4) Q328310
Windows 2000 Hotfix (Pre-SP4) Q329170
Windows 2000 Hotfix (Pre-SP4) Q331953
Windows 2000 Hotfix (Pre-SP4) Q810833
Windows 2000 Hotfix (SP4) KB810217
Windows 2000 Hotfix (SP4) KB817606
Windows 2000 Hotfix (SP4) KB822679
Windows 2000 Hotfix (SP4) Q329553
Windows 2000 Hotfix (SP4) Q811493
Windows 2000 Hotfix (SP4) Q814033
Windows 2000 Hotfix (SP4) Q815021
Windows 2000 Service Pack 3
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
WinZip
XviD Media Codec 1.0.2
  • 0

#6
andydf
Posted 20 August 2005 - 09:54 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi johnsohn

Lets see if we can clear a few things out.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: (no name) - {1759C4FF-7293-D248-3126-C687B607B173} - C:\WINNT\system32\tcfknxjh.dll (file missing)
O2 - BHO: (no name) - {17C84A96-C41D-5AD2-88B0-25EAB98B2F37} - C:\WINNT\system32\vpyuajdc.dll (file missing)
O2 - BHO: (no name) - {31C878E5-5044-AC4A-3C51-B1521BB55BD0} - C:\WINNT\system32\golmccxo.dll (file missing)
O2 - BHO: (no name) - {33192572-7DF2-AC54-453C-B2BE91B44574} - C:\WINNT\system32\xslrtclx.dll (file missing)
O2 - BHO: (no name) - {52D62940-1BF4-7244-668B-C30CFAD5863E} - C:\WINNT\system32\ekpiuwvn.dll (file missing)
O2 - BHO: (no name) - {57ACB5C2-167F-6150-3371-53ABFD4110B8} - C:\WINNT\system32\yzaztkwn.dll (file missing)
O2 - BHO: (no name) - {5D16C870-7508-E94F-3E01-93063153BBAD} - C:\WINNT\system32\civhjqzn.dll (file missing)
O2 - BHO: (no name) - {606720CE-2A57-F91F-9BD6-7E7ED278F8D0} - C:\WINNT\system32\yksvwoux.dll (file missing)
O2 - BHO: (no name) - {682E6711-F2BC-9F50-A1F6-0C026BCB18E2} - C:\WINNT\system32\tvurdkdf.dll (file missing)
O2 - BHO: (no name) - {6BABD798-1E1C-7B0B-F91D-C793ED7848A2} - C:\WINNT\system32\ugfrxcxi.dll (file missing)
O2 - BHO: (no name) - {79A68E19-3F94-392A-9F64-DCD206519035} - C:\WINNT\system32\imqgulhk.dll (file missing)
O2 - BHO: (no name) - {7A7C3BB0-0C94-6E69-708C-264C01B2131F} - C:\WINNT\system32\ehvvvhxd.dll (file missing)
O2 - BHO: (no name) - {7D7AA5C5-370B-F2A8-39BF-E5E21662DB5D} - C:\WINNT\system32\wyycbmpl.dll (file missing)
O2 - BHO: (no name) - {7E60DDF1-E451-8E0E-F23F-ACE3AD7690F2} - C:\WINNT\system32\mugunymk.dll (file missing)
O2 - BHO: (no name) - {82A4B26C-9E89-0EF8-397E-C2F748649EF7} - C:\WINNT\system32\qmrzfcuw.dll (file missing)
O2 - BHO: (no name) - {A30753D9-5123-B970-CDA9-810FE4F88C65} - C:\WINNT\system32\kbpxaocj.dll (file missing)
O2 - BHO: (no name) - {AB57E75B-2F84-3E13-3A1D-59E55D409A2F} - C:\WINNT\system32\bmqwrctt.dll (file missing)
O2 - BHO: (no name) - {ACE828C9-DEA4-A742-6B97-9DA2F2C2A40C} - C:\WINNT\system32\qzlzwuxs.dll (file missing)
O2 - BHO: (no name) - {AECEE20A-6D5C-9811-0891-513FE5F8D7A3} - C:\WINNT\system32\vqsucqhs.dll (file missing)
O2 - BHO: (no name) - {B5144FE0-565E-9158-6B8F-826F708E28B8} - C:\WINNT\system32\uvekisgo.dll (file missing)
O2 - BHO: (no name) - {BC2925B5-E97B-DE43-274A-19639008F481} - C:\WINNT\system32\muvzghwm.dll (file missing)
O2 - BHO: (no name) - {D3359242-B216-EB45-DEB9-2835CB3BD589} - C:\WINNT\system32\fflnsikt.dll (file missing)
O2 - BHO: (no name) - {D585B68F-0623-115F-A226-E667817DFA73} - C:\WINNT\system32\fsxqwzmh.dll (file missing)
O2 - BHO: (no name) - {E76578EE-C10F-E1D1-C4E2-A4CDEFBCD86D} - C:\WINNT\system32\lbifyvjx.dll (file missing)
O2 - BHO: (no name) - {EE95AD4F-52EF-4F42-4917-3C3F560B2E23} - C:\WINNT\system32\uggopekq.dll (file missing)
O2 - BHO: (no name) - {F23C9DBE-5C4E-ECF7-A652-E8CC14D91DA6} - C:\WINNT\system32\jnxaxfqg.dll (file missing)
O2 - BHO: (no name) - {F4B4287A-E39B-221A-189F-2A73A91FE31E} - C:\WINNT\system32\apnpbyxa.dll (file missing)
O2 - BHO: (no name) - {F59162F9-7657-2276-17DA-63496DCD8D12} - C:\WINNT\system32\imijznyc.dll (file missing)
O4 - HKLM\..\Run: [iisver] C:\WINNT\iisver.exe
O4 - HKLM\..\Run: [fqmbdpzj] C:\WINNT\system32\fqmbdpzj.exe
O4 - HKLM\..\Run: [krmpbtpj] C:\WINNT\system32\krmpbtpj.exe
O4 - HKLM\..\Run: [ewigtdol] C:\WINNT\system32\ewigtdol.exe
O4 - HKLM\..\Run: [zsckagyl] C:\WINNT\system32\zsckagyl.exe
O4 - HKLM\..\Run: [jpoxyfcz] C:\WINNT\system32\jpoxyfcz.exe
O4 - HKLM\..\Run: [hnyijeob] C:\WINNT\system32\hnyijeob.exe
O4 - HKLM\..\Run: [zywnbiey] C:\WINNT\system32\zywnbiey.exe
O4 - HKLM\..\Run: [qaiuzwsj] C:\WINNT\system32\qaiuzwsj.exe
O4 - HKLM\..\Run: [uprowjtm] C:\WINNT\system32\uprowjtm.exe
O4 - HKLM\..\Run: [sspaprjh] C:\WINNT\system32\sspaprjh.exe
O4 - HKLM\..\Run: [lkrcdzjz] C:\WINNT\system32\lkrcdzjz.exe
O4 - HKLM\..\Run: [mvgdoydf] C:\WINNT\system32\mvgdoydf.exe
O4 - HKLM\..\Run: [osiyagsg] C:\WINNT\system32\osiyagsg.exe
O4 - HKLM\..\Run: [roaaeskx] C:\WINNT\system32\roaaeskx.exe
O4 - HKLM\..\Run: [poyfvppd] C:\WINNT\system32\poyfvppd.exe
O4 - HKLM\..\Run: [aranhral] C:\WINNT\system32\aranhral.exe
O4 - HKLM\..\Run: [ccpqnncs] C:\WINNT\system32\ccpqnncs.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ezdymu] c:\winnt\system32\ezdymu.exe
O4 - HKLM\..\Run: [izobnmub] C:\WINNT\system32\izobnmub.exe
O4 - HKLM\..\Run: [tlfhsogr] C:\WINNT\system32\tlfhsogr.exe
O4 - HKLM\..\Run: [nguvjlfl] C:\WINNT\system32\nguvjlfl.exe
O4 - HKLM\..\Run: [hajrbpmy] C:\WINNT\system32\hajrbpmy.exe
O4 - HKLM\..\Run: [avymsmks] C:\WINNT\system32\avymsmks.exe
O4 - HKLM\..\Run: [qnlvrhzu] C:\WINNT\system32\qnlvrhzu.exe
O4 - HKLM\..\Run: [kharrmxo] C:\WINNT\system32\kharrmxo.exe
O4 - HKLM\..\Run: [xpluxhtf] C:\WINNT\system32\xpluxhtf.exe
O4 - HKLM\..\Run: [rjaiodsr] C:\WINNT\system32\rjaiodsr.exe
O4 - HKLM\..\Run: [htnzvhgb] C:\WINNT\system32\htnzvhgb.exe
O4 - HKLM\..\Run: [xdihucmc] C:\WINNT\system32\xdihucmc.exe
O4 - HKLM\..\Run: [rypvmztx] C:\WINNT\system32\rypvmztx.exe
O4 - HKLM\..\Run: [efhyacho] C:\WINNT\system32\efhyacho.exe
O4 - HKLM\..\Run: [ocgwwekc] C:\WINNT\system32\ocgwwekc.exe
O4 - HKLM\..\Run: [okjdycuk] C:\WINNT\system32\okjdycuk.exe
O4 - HKLM\..\Run: [lpseazlp] C:\WINNT\system32\lpseazlp.exe
O4 - HKLM\..\Run: [bznuhuzq] C:\WINNT\system32\bznuhuzq.exe
O4 - HKLM\..\Run: [vbuizzyl] C:\WINNT\system32\vbuizzyl.exe
O4 - HKLM\..\Run: [ovjeqvfx] C:\WINNT\system32\ovjeqvfx.exe
O4 - HKLM\..\Run: [odvltton] C:\WINNT\system32\odvltton.exe
O4 - HKLM\..\Run: [pkyrnryd] C:\WINNT\system32\pkyrnryd.exe
O4 - HKLM\..\Run: [vfukqsjy] C:\WINNT\system32\vfukqsjy.exe
O4 - HKLM\..\Run: [fjwgpkwu] C:\WINNT\system32\fjwgpkwu.exe
O4 - HKLM\..\Run: [iomyevfp] C:\WINNT\system32\iomyevfp.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sxudwd] C:\WINNT\sxudwd.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKCU\..\Run: [od-teen1] c:\program files\OnlineDialer\od-teen1.exe -m
O4 - HKCU\..\Run: [od-teen49] c:\program files\OnlineDialer\od-teen49.exe -m
O4 - HKCU\..\Run: [umrr] C:\PROGRA~1\COMMON~1\umrr\umrrm.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - Global Startup: nipp.exe
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\am9obgAA\command.exe
O23 - Service: wfikgjmhyfrp (dtmqwfoz6) - Unknown owner - C:\WINNT\system32\zewmgavh6.exe
O23 - Service: zxkesoanzokc (lyynodhq6) - Unknown owner - C:\WINNT\system32\ewpxilqv6.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Win Search

Please note any other programs that you dont recognize in add/remove in your next response

Please delete these folders using Windows Explorer(if present):

c:\program files\OnlineDialer
C:\PROGRA~1\COMMON~1\umrr
C:\WINNT\am9obgAA

Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files.

C:\WINNT\dsr.dll
C:\WINNT\system32\tcfknxjh.dll
C:\WINNT\system32\vpyuajdc.dll
C:\WINNT\system32\golmccxo.dll
C:\WINNT\system32\xslrtclx.dll
C:\WINNT\system32\ekpiuwvn.dll
C:\WINNT\system32\yzaztkwn.dll
C:\WINNT\system32\civhjqzn.dll
C:\WINNT\system32\yksvwoux.dll
C:\WINNT\system32\tvurdkdf.dll
C:\WINNT\system32\ugfrxcxi.dll
C:\WINNT\system32\imqgulhk.dll
C:\WINNT\system32\ehvvvhxd.dll
C:\WINNT\system32\wyycbmpl.dll
C:\WINNT\system32\mugunymk.dll
C:\WINNT\system32\qmrzfcuw.dll
C:\WINNT\system32\kbpxaocj.dll
C:\WINNT\system32\bmqwrctt.dll
C:\WINNT\system32\qzlzwuxs.dll
C:\WINNT\system32\vqsucqhs.dll
C:\WINNT\system32\uvekisgo.dll
C:\WINNT\system32\muvzghwm.dll
C:\WINNT\system32\fflnsikt.dll
C:\WINNT\system32\fsxqwzmh.dll
C:\WINNT\system32\lbifyvjx.dll
C:\WINNT\system32\uggopekq.dll
C:\WINNT\system32\jnxaxfqg.dll
C:\WINNT\system32\apnpbyxa.dll
C:\WINNT\system32\imijznyc.dll
C:\WINNT\iisver.exe
C:\WINNT\system32\fqmbdpzj.exe
C:\WINNT\system32\krmpbtpj.exe
C:\WINNT\system32\ewigtdol.exe
C:\WINNT\system32\zsckagyl.exe
C:\WINNT\system32\jpoxyfcz.exe
C:\WINNT\system32\hnyijeob.exe
C:\WINNT\system32\zywnbiey.exe
C:\WINNT\system32\qaiuzwsj.exe
C:\WINNT\system32\uprowjtm.exe
C:\WINNT\system32\sspaprjh.exe
C:\WINNT\system32\lkrcdzjz.exe
C:\WINNT\system32\mvgdoydf.exe
C:\WINNT\system32\osiyagsg.exe
C:\WINNT\system32\roaaeskx.exe
C:\WINNT\system32\poyfvppd.exe
C:\WINNT\system32\aranhral.exe
C:\WINNT\system32\ccpqnncs.exe
C:\WINNT\VCMnet11.exe
C:\WINNT\cfgmgr52.dll,DllRun
c:\winnt\system32\ezdymu.exe
C:\WINNT\system32\izobnmub.exe
C:\WINNT\system32\tlfhsogr.exe
C:\WINNT\system32\nguvjlfl.exe
C:\WINNT\system32\hajrbpmy.exe
C:\WINNT\system32\avymsmks.exe
C:\WINNT\system32\qnlvrhzu.exe
C:\WINNT\system32\kharrmxo.exe
C:\WINNT\system32\xpluxhtf.exe
C:\WINNT\system32\rjaiodsr.exe
C:\WINNT\system32\htnzvhgb.exe
C:\WINNT\system32\xdihucmc.exe
C:\WINNT\system32\rypvmztx.exe
C:\WINNT\system32\efhyacho.exe
C:\WINNT\system32\ocgwwekc.exe
C:\WINNT\system32\okjdycuk.exe
C:\WINNT\system32\lpseazlp.exe
C:\WINNT\system32\bznuhuzq.exe
C:\WINNT\system32\vbuizzyl.exe
C:\WINNT\system32\ovjeqvfx.exe
C:\WINNT\system32\odvltton.exe
C:\WINNT\system32\pkyrnryd.exe
C:\WINNT\system32\vfukqsjy.exe
C:\WINNT\system32\fjwgpkwu.exe
C:\WINNT\system32\iomyevfp.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINNT\sxudwd.exe
C:\WINNT\system32\ls44kl.exe reg_run
C:\WINNT\etb\pokapoka63.exe
C:\WINNT\etb\pokapoka63.exe
C:\WINNT\system32\ls44kl.exe reg_run
C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
nipp.exe
C:\WINNT\system32\zewmgavh6.exe
C:\WINNT\system32\ewpxilqv6.exe
C:\WINNT\svcproc.exe

After that, Reboot.


Andy :tazz:
  • 0

#7
johnsohn
Posted 20 August 2005 - 09:05 PM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oh. My. God. My computer is... normal! I haven't seen it like this in a while! Thank you so much. I recognize all of the programs and everything seems to be running smoothly.

Thank you so much! I'll come here again if my computer gets messed up (hopefully not again)!

John
  • 0

#8
andydf
Posted 21 August 2005 - 05:02 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi johnsohn

Hang on, your not out of the woods yet, please post another HJT log ASAP

Thanks

Andy
  • 0

#9
johnsohn
Posted 21 August 2005 - 01:23 PM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hopefully there's nothing left!

Logfile of HijackThis v1.99.1
Scan saved at 12:13:25 PM, on 8/21/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\am9obgAA\command.exe
C:\WINNT\System32\svchost.exe
D:\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\KEYBDMGR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\Netropa\Onscre~1\OSD.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMUSBKB2.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\john\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.23.153.20:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1759C4FF-7293-D248-3126-C687B607B173} - (no file)
O2 - BHO: (no name) - {17C84A96-C41D-5AD2-88B0-25EAB98B2F37} - (no file)
O2 - BHO: (no name) - {31C878E5-5044-AC4A-3C51-B1521BB55BD0} - (no file)
O2 - BHO: (no name) - {33192572-7DF2-AC54-453C-B2BE91B44574} - (no file)
O2 - BHO: (no name) - {52D62940-1BF4-7244-668B-C30CFAD5863E} - (no file)
O2 - BHO: (no name) - {57ACB5C2-167F-6150-3371-53ABFD4110B8} - (no file)
O2 - BHO: (no name) - {5D16C870-7508-E94F-3E01-93063153BBAD} - (no file)
O2 - BHO: (no name) - {606720CE-2A57-F91F-9BD6-7E7ED278F8D0} - (no file)
O2 - BHO: (no name) - {682E6711-F2BC-9F50-A1F6-0C026BCB18E2} - (no file)
O2 - BHO: (no name) - {6BABD798-1E1C-7B0B-F91D-C793ED7848A2} - (no file)
O2 - BHO: (no name) - {79A68E19-3F94-392A-9F64-DCD206519035} - (no file)
O2 - BHO: (no name) - {7A7C3BB0-0C94-6E69-708C-264C01B2131F} - (no file)
O2 - BHO: (no name) - {7D7AA5C5-370B-F2A8-39BF-E5E21662DB5D} - (no file)
O2 - BHO: (no name) - {7E60DDF1-E451-8E0E-F23F-ACE3AD7690F2} - (no file)
O2 - BHO: (no name) - {82A4B26C-9E89-0EF8-397E-C2F748649EF7} - (no file)
O2 - BHO: (no name) - {A30753D9-5123-B970-CDA9-810FE4F88C65} - (no file)
O2 - BHO: (no name) - {AB57E75B-2F84-3E13-3A1D-59E55D409A2F} - (no file)
O2 - BHO: (no name) - {ACE828C9-DEA4-A742-6B97-9DA2F2C2A40C} - (no file)
O2 - BHO: (no name) - {AECEE20A-6D5C-9811-0891-513FE5F8D7A3} - (no file)
O2 - BHO: (no name) - {B5144FE0-565E-9158-6B8F-826F708E28B8} - (no file)
O2 - BHO: (no name) - {BC2925B5-E97B-DE43-274A-19639008F481} - (no file)
O2 - BHO: (no name) - {D3359242-B216-EB45-DEB9-2835CB3BD589} - (no file)
O2 - BHO: (no name) - {D585B68F-0623-115F-A226-E667817DFA73} - (no file)
O2 - BHO: (no name) - {E76578EE-C10F-E1D1-C4E2-A4CDEFBCD86D} - (no file)
O2 - BHO: (no name) - {EE95AD4F-52EF-4F42-4917-3C3F560B2E23} - (no file)
O2 - BHO: (no name) - {F23C9DBE-5C4E-ECF7-A652-E8CC14D91DA6} - (no file)
O2 - BHO: (no name) - {F4B4287A-E39B-221A-189F-2A73A91FE31E} - (no file)
O2 - BHO: (no name) - {F59162F9-7657-2276-17DA-63496DCD8D12} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LIU] d:\program files\RUBICON.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\john\aim.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\am9obgAA\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: wfikgjmhyfrp (dtmqwfoz6) - Unknown owner - C:\WINNT\system32\zewmgavh6.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: zxkesoanzokc (lyynodhq6) - Unknown owner - C:\WINNT\system32\ewpxilqv6.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
  • 0

#10
miekiemoes
Posted 21 August 2005 - 01:51 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello, we're not done here.

Sorry to take over, but I want to search for something first.

Please download and install Agent ransack:

http://www.mythicsof...m/agentransack/

When done,
*Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Above is an important step, otherwise there will be too many results in agent ransack.

Open Agent Ransack and look at the screenshot I attached here.
This is EXACTLY as I want you to set up.
When done, click Start search

When the scan is done, on top in the menu, you'll find: 'file' > 'save results'
"clipboard" is checked by default, leave it, BUT uncheck "file contents". Click Save.
Now rightclick in your next reply and choose 'Paste', that will copy and paste the results from Agent Ransack

This log can be huge... So if it's really too long and doesn't fit in two posts, just let me know.



Edited by miekiemoes, 21 August 2005 - 02:00 PM.

  • 0

#11
johnsohn
Posted 22 August 2005 - 04:00 AM

johnsohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
C:\Documents and Settings\john\Desktop\mostrecentHIJACKTHIS.txt (9 KB, 8/21/2005 12:15:53 PM)
C:\Documents and Settings\john\Desktop\backups\backup-20050820-192407-906 (1 KB, 8/20/2005 7:24:07 PM)
C:\Documents and Settings\john\Local Settings\Temp\hijackthis.log (17 KB, 8/16/2005 8:15:08 PM)
C:\Program Files\Opera\hs_err_pid1332.log (9 KB, 8/18/2005 1:54:34 PM)
C:\Program Files\Opera\hs_err_pid1668.log (11 KB, 8/9/2005 10:14:49 PM)
C:\Program Files\Opera\hs_err_pid432.log (11 KB, 8/19/2005 6:12:16 PM)
C:\Program Files\Opera\hs_err_pid516.log (11 KB, 8/19/2005 5:55:00 PM)
C:\Program Files\Opera\hs_err_pid524.log (11 KB, 8/19/2005 5:54:32 PM)
C:\RECYCLER\S-1-5-21-448539723-1993962763-1060284298-1001\Dc1.log (9 KB, 8/21/2005 12:13:26 PM)
C:\WINNT\etb\nt_hide63.dll (28 KB, 8/20/2005 3:09:40 PM)
C:\WINNT\system32\config\AppEvent.Evt (512 KB, 8/21/2005 3:49:28 AM)
C:\WINNT\system32\wbem\Repository\CIM.REP (3264 KB, 8/21/2005 12:12:01 PM)


I'm pretty sure I did everything on that picture. Is this just a good sign?

Attached Thumbnails

  • thingy.jpg

Edited by johnsohn, 22 August 2005 - 04:07 AM.

  • 0

#12
miekiemoes
Posted 22 August 2005 - 04:12 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It doesn't really show me what I want, but that's ok. :tazz:

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download Nail/Aurora Spyware Fix
Do not use it yet.

* Update your Ewido!!

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
If you can't find nailfix on your desktop or where you saved it.. use the search in start > search and type nailfix.exe
Because it is possible that the infection is hiding it.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {1759C4FF-7293-D248-3126-C687B607B173} - (no file)
O2 - BHO: (no name) - {17C84A96-C41D-5AD2-88B0-25EAB98B2F37} - (no file)
O2 - BHO: (no name) - {31C878E5-5044-AC4A-3C51-B1521BB55BD0} - (no file)
O2 - BHO: (no name) - {33192572-7DF2-AC54-453C-B2BE91B44574} - (no file)
O2 - BHO: (no name) - {52D62940-1BF4-7244-668B-C30CFAD5863E} - (no file)
O2 - BHO: (no name) - {57ACB5C2-167F-6150-3371-53ABFD4110B8} - (no file)
O2 - BHO: (no name) - {5D16C870-7508-E94F-3E01-93063153BBAD} - (no file)
O2 - BHO: (no name) - {606720CE-2A57-F91F-9BD6-7E7ED278F8D0} - (no file)
O2 - BHO: (no name) - {682E6711-F2BC-9F50-A1F6-0C026BCB18E2} - (no file)
O2 - BHO: (no name) - {6BABD798-1E1C-7B0B-F91D-C793ED7848A2} - (no file)
O2 - BHO: (no name) - {79A68E19-3F94-392A-9F64-DCD206519035} - (no file)
O2 - BHO: (no name) - {7A7C3BB0-0C94-6E69-708C-264C01B2131F} - (no file)
O2 - BHO: (no name) - {7D7AA5C5-370B-F2A8-39BF-E5E21662DB5D} - (no file)
O2 - BHO: (no name) - {7E60DDF1-E451-8E0E-F23F-ACE3AD7690F2} - (no file)
O2 - BHO: (no name) - {82A4B26C-9E89-0EF8-397E-C2F748649EF7} - (no file)
O2 - BHO: (no name) - {A30753D9-5123-B970-CDA9-810FE4F88C65} - (no file)
O2 - BHO: (no name) - {AB57E75B-2F84-3E13-3A1D-59E55D409A2F} - (no file)
O2 - BHO: (no name) - {ACE828C9-DEA4-A742-6B97-9DA2F2C2A40C} - (no file)
O2 - BHO: (no name) - {AECEE20A-6D5C-9811-0891-513FE5F8D7A3} - (no file)
O2 - BHO: (no name) - {B5144FE0-565E-9158-6B8F-826F708E28B8} - (no file)
O2 - BHO: (no name) - {BC2925B5-E97B-DE43-274A-19639008F481} - (no file)
O2 - BHO: (no name) - {D3359242-B216-EB45-DEB9-2835CB3BD589} - (no file)
O2 - BHO: (no name) - {D585B68F-0623-115F-A226-E667817DFA73} - (no file)
O2 - BHO: (no name) - {E76578EE-C10F-E1D1-C4E2-A4CDEFBCD86D} - (no file)
O2 - BHO: (no name) - {EE95AD4F-52EF-4F42-4917-3C3F560B2E23} - (no file)
O2 - BHO: (no name) - {F23C9DBE-5C4E-ECF7-A652-E8CC14D91DA6} - (no file)
O2 - BHO: (no name) - {F4B4287A-E39B-221A-189F-2A73A91FE31E} - (no file)
O2 - BHO: (no name) - {F59162F9-7657-2276-17DA-63496DCD8D12} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ls44kl.exe reg_run
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\ls44kl.exe reg_run
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab8/dmcc2.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\am9obgAA\command.exe
O23 - Service: wfikgjmhyfrp (dtmqwfoz6) - Unknown owner - C:\WINNT\system32\zewmgavh6.exe (file missing)
O23 - Service: zxkesoanzokc (lyynodhq6) - Unknown owner - C:\WINNT\system32\ewpxilqv6.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Please make sure you close your Internet Explorer before clicking Fix checked!

* Using Windows Explorer, locate the following folder and delete it:

C:\WINNT\am9obgAA <== folder

*Go to start >run and type: services.msc and click OK
Scroll down in that list until you find the service wfikgjmhyfrp
Doubleclick on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.
Click apply and OK and close all open windows.

Perform the same for next service: zxkesoanzokc

*Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

* Still in safe mode; open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Close Ewido

* Reboot your system back to normal mode.

Download Find Q.zip and save it to your desktop.
http://forums.net-in...=post&id=153912

Extract (unzip) the files inside into their own folder called Find Q.
Look here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Open the Find Q-folder.
Locate and double-click the Find Q.bat to run it.
Wait until notepad opens and copy and paste the content in your next reply together with a new hijackthislog and the lof from ewido.

Edited by miekiemoes, 22 August 2005 - 04:15 AM.

  • 0

#13
miekiemoes
Posted 02 September 2005 - 04:39 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP