Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop ups and multiple problems [RESOLVED]


  • This topic is locked This topic is locked

#1
samnhoj

samnhoj

    Member

  • Member
  • PipPip
  • 17 posts
Hello,
I have read all the instructions for this forum and have tried to follow them. I think I have several problems in addition to a serious pop-up infection:

1. Adaware, Spybot and Ewido all crash when I try to run them. The most common message I get is that there is low virtual memory.

2. I no longer can get System Restore to work.

3. When my wife logs on to her user account, her usual desktop wallpaper has been replace and most of the basic programs (like WORD) act that they need to be installed for the first time.

I would really appreciate some help.

I went ahead and ran a hijack this log in addition to a partial ewido log. I'll put these in the next posting.

samnhoj
  • 0

Advertisements


#2
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:01:16 PM, 8/20/2005
+ Report-Checksum: 668C1D1D

+ Scan result:

[448] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
[492] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1124] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
[1156] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1180] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1204] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1356] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1420] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1528] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1732] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[1616] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[2548] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[2888] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[2212] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[3048] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[1152] C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Error during cleaning
[3108] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning
[3164] C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Error during cleaning


::Report End


Here is the Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29:18 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\system32\sds4px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenua32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sds4px.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#3
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi John (taking a wild guess:P) and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.

Download LQfix Here
save it to your desktop, please do not use yet


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Open up and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenua32.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sds4px.exe reg_run
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtange...soft/wtinst.cab


9. click the Fix Checked box

10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\cfgmgr52.dll
C:\temp\stubinstaller6480.exe


11. Double click on LQFix program u downloaded.
A doswindow will open and close again, this is normal.

12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log, Ewido Log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#4
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello,
Sorry it's been several days. Out of town for the weekend.

Thank you SO MUCH for your help! :tazz:

I was able to do most of what you suggested. ActiveScan did not run. I did not even get the activeX warning at the top of my browser. Strange. Also, several of the items to remove in step #8 were not present, including the two from step #10.

Also, the link for LQfix did not work. I downloaded it from a different source.

Here's how the computer seems to be working:

1. I am still getting a few popups. (party poker was the last one.)
2. When I reboot, Norton Antivirus is always disabled. I must manually enable it even though it is set to run automatically.

-John (you were right...kind of obvious, huh?)


Here is Edwido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:25:20 PM, 8/29/2005
+ Report-Checksum: BDA2376B

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1993962763-706699826-1060284298-1003\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1993962763-706699826-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\896NO5UJ\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegdl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitenua32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitecwy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitesiy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebdc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitediw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitefpl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteoxx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteaxn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitewor32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteopa32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelaj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetro32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitesxl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitewsr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetcu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteaak32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehzn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebda32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelcw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteybj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitekeu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteuhb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitenrk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitevjd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteduy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitemoj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteamw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetzn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitezgx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitemuz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteftb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehas32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetnw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteexk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitefeu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegdp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteozz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetiv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteztg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteipr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliterjc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteykc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitepyk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitemoa32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitewsk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteamp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitejpd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitexsf32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteryc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteyro32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitekjp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteyfp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitergb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitejzl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetry32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelvt32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitezyv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteewg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitepyn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehdv32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteewc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitevtb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitenri32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteetx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteipu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteklf32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedcm32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteibw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelob32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteabh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitevdp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteaee32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedii32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitejzz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehmu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitezxn32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitezcl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedcp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteuej32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitexmh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitervw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitejwd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetms32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteyub32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteohy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitetfc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehak32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedpb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteyfg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\temperror32.dat -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\hbptausb.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka63.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_63.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499604.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499605.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499606.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499609.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499610.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499611.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499614.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499615.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499617.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499618.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499619.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499620.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499621.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499622.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499623.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499624.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499626.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499634.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499635.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499636.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499651.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Recycled\NPROTECT\01499652.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499653.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499654.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499669.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499670.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499671.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499672.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499673.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499680.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499681.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499682.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499697.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499698.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499699.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499700.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499702.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499703.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499704.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499705.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499706.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499707.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499708.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499709.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499710.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499716.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499717.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499718.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499719.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499720.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499721.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499724.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499725.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499726.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499728.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499729.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499730.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499732.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499733.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499734.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499735.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499736.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499737.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499738.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499739.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499740.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499741.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499755.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Recycled\NPROTECT\01499762.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499763.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499765.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499766.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499769.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499773.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499775.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499776.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499777.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499778.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499779.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499780.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499781.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499782.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499783.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499784.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499785.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499786.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499787.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499788.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499789.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499790.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499791.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499792.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499793.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499794.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499797.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499798.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499800.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499801.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499802.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499803.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499804.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499805.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499806.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499807.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499808.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499809.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499811.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499812.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499813.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499815.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499816.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499817.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499818.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499819.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499820.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499821.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499822.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499823.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499824.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499825.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499826.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499827.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499828.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499830.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499831.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499832.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499833.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499834.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499836.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499837.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499838.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499839.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499841.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499842.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499843.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499844.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499845.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499846.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499847.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499848.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499849.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499850.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499852.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499853.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499854.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499857.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499858.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499859.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499860.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499861.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499862.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499863.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499864.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499865.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499866.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499867.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499868.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499869.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499870.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499871.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499872.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499874.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499875.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499876.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499877.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499878.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499879.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499880.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499882.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499883.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499884.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499885.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499886.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499887.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499890.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499891.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499892.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499893.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499896.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499897.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499898.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499901.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499974.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499976.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499989.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499552.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499553.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499995.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499561.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499584.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499589.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Recycled\NPROTECT\01499591.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499592.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499593.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499594.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499596.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499597.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499627.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499628.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499629.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499630.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499631.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499632.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499637.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499639.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499642.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499644.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499647.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499648.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499649.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499655.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499684.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499685.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499686.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499687.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499688.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499689.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499899.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499900.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499902.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499903.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01500338.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500339.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500345.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500347.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500644.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500646.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500648.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500649.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500823.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500826.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500841.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01500842.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501677.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501679.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501689.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501690.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501749.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501750.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501753.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501754.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501798.EXE -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501800.EXE -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501805.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501841.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501843.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501857.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01501858.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502277.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502278.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502295.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502296.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502329.EXE -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01502516.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504356.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504359.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504418.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504425.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504569.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504579.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504791.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01504798.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01505084.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01505105.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01506018.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01506023.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01506307.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01506401.DLL -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01506405.dll -> Spyware.EliteBar : Cleaned with backup
C:\Recycled\NPROTECT\01499449.TXT -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Recycled\NPROTECT\01499450.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499451.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499452.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499453.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499454.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499455.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499456.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499457.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499461.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499462.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499463.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499464.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499465.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499466.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499467.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499468.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499469.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499470.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499471.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499472.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499473.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499474.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499475.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499476.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499477.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499478.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499479.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499480.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499481.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499482.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499483.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499486.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499487.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499488.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499489.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499490.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499493.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499494.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499495.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499496.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499497.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499498.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499500.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499501.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499502.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499503.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499504.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499505.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499506.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499507.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499508.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499509.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499510.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499511.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499513.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499514.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499515.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499516.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499517.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499518.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499519.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499520.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499521.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499522.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499523.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499524.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499525.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499526.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499527.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499528.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499529.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499530.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499531.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499532.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499535.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499536.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499537.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499538.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499540.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499542.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499543.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499545.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499546.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499547.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499549.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Recycled\NPROTECT\01499550.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Recycled\NPROTECT\01499554.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499555.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499556.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499557.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499558.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499559.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499562.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Recycled\NPROTECT\01499563.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499564.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499565.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499566.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499567.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499568.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499569.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499570.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499571.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499572.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499573.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499574.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499575.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499576.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499577.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499578.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Recycled\NPROTECT\01499579.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499580.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499581.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499582.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499583.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499585.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499586.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499598.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499599.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499633.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499656.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499657.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499658.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499659.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499660.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499661.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499663.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499664.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499665.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499666.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499667.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499668.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499690.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499691.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499692.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499693.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499694.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499695.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499696.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499742.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499743.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499744.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Recycled\NPROTECT\01499745.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499746.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Recycled\NPROTECT\01499747.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499748.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499749.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499750.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499751.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499752.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\01499753.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Recycled\NPROTECT\01499754.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\x3.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@sonycorporate.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\default\Cookies\default@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kelsey\Local Settings\Temporary Internet Files\Content.IE5\IABCDW6P\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Kelsey\Local Settings\Temporary Internet Files\Content.IE5\CS5SMPCK\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@www.casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kelsey\Cookies\kelsey@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kelsey\Cook
  • 0

#5
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
New HiJack this log please.

thanks,

:tazz:

Excal
  • 0

#6
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Oops! Sorry. I thought I included it in my last post!

----------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:33:57 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sds4px.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Sweet, looks much better!

Still have that qoological infection we have to do though :tazz:

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#8
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
OK, here are the WinPFind results and the Track qoo results:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 4/25/2003 2:25:46 PM 545280 C:\WINDOWS\flashax.exe
UPX! 4/19/2002 6:37:14 PM 25000 C:\WINDOWS\iedisco.exe
FSG! 8/29/2005 9:46:06 PM 1982542 C:\WINDOWS\WindowsUpdate.log

Checking %System% folder...
PECompact2 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 8/29/2002 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
winsync 8/29/2002 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 2/14/1997 10:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 6/3/2005 1:33:00 PM 75264 C:\WINDOWS\SYSTEM32\sfmmnmt.exe
69.59.186.63 8/29/2005 6:30:46 PM 46080 C:\WINDOWS\SYSTEM32\fgsksff.dll
209.66.67.134 8/29/2005 6:30:46 PM 46080 C:\WINDOWS\SYSTEM32\fgsksff.dll
web-nex 8/29/2005 6:30:46 PM 46080 C:\WINDOWS\SYSTEM32\fgsksff.dll
winsync 8/29/2005 6:30:46 PM 46080 C:\WINDOWS\SYSTEM32\fgsksff.dll
69.59.186.63 8/29/2005 6:49:22 PM 10240 C:\WINDOWS\SYSTEM32\ebaoa.dll
209.66.67.134 8/29/2005 6:49:22 PM 10240 C:\WINDOWS\SYSTEM32\ebaoa.dll
web-nex 8/29/2005 6:49:22 PM 10240 C:\WINDOWS\SYSTEM32\ebaoa.dll
winsync 8/29/2005 6:49:22 PM 10240 C:\WINDOWS\SYSTEM32\ebaoa.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/29/2005 9:47:08 PM S 2048 C:\WINDOWS\bootstat.dat
8/21/2005 8:21:16 PM H 54156 C:\WINDOWS\QTFont.qfn
7/4/2005 4:09:02 PM H 0 C:\WINDOWS\INF\oem16.inf
8/23/2005 8:50:04 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
8/23/2005 8:50:04 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\15acd5ee-4709-45bd-a067-301691984210
8/29/2005 9:46:08 PM H 888832 C:\WINDOWS\SYSTEM32\config\system.LOG
8/29/2005 9:46:08 PM H 69632 C:\WINDOWS\SYSTEM32\config\software.LOG
8/29/2005 9:46:08 PM H 8192 C:\WINDOWS\SYSTEM32\config\default.LOG
8/19/2005 9:32:08 PM H 1024 C:\WINDOWS\SYSTEM32\config\userdiff.LOG
8/29/2005 9:47:24 PM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
8/29/2005 9:47:10 PM H 16384 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
8/23/2005 8:57:04 PM H 1024 C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat.LOG
8/19/2005 9:47:36 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CPU7SXW5\desktop.ini
8/19/2005 9:47:36 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\896NO5UJ\desktop.ini
8/19/2005 9:47:36 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\41E7WHYB\desktop.ini
8/19/2005 9:47:36 PM HS 67 C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O3MR1T3I\desktop.ini
7/2/2005 1:18:16 AM S 9445 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
8/29/2005 9:46:02 PM H 6 C:\WINDOWS\TASKS\SA.DAT
8/29/2005 6:18:32 PM HS 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\WP2XO1I1\desktop.ini
8/29/2005 6:18:32 PM HS 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\CTIB09AV\desktop.ini
8/29/2005 6:18:32 PM HS 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\W9U70HU3\desktop.ini
8/29/2005 6:18:32 PM HS 67 C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\GPIZCD6V\desktop.ini
7/29/2005 12:22:38 AM HS 659456 C:\WINDOWS\DRM\drmstore.hds

Checking for CPL files...
Apple Computer, Inc. 4/8/2004 2:12:42 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
RealNetworks, Inc. 12/14/2000 8:38:22 AM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
iAnywhere Solutions, Inc. 12/12/2004 5:45:26 PM 400640 C:\WINDOWS\SYSTEM32\agcpl.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
InstallShield Software Corporation2/16/2005 4:15:20 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/12/2002 6:08:50 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
12/12/2002 11:06:58 PM 1634 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/27/2002 7:30:06 PM 585 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
2/22/2004 1:18:08 PM 428 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
8/29/2005 6:49:20 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtip.exe

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/12/2002 5:57:52 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
12/12/2002 6:08:50 PM HS 84 C:\Documents and Settings\default\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/5/2005 1:23:46 PM 37376 C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
12/12/2002 5:57:52 PM HS 62 C:\Documents and Settings\default\Application Data\desktop.ini
5/16/2003 9:23:22 PM 0 C:\Documents and Settings\default\Application Data\dm.ini
9/27/2004 8:11:00 PM 115 C:\Documents and Settings\default\Application Data\fusioncache.dat
8/20/2005 4:53:56 PM 130496 C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
8/20/2005 12:24:12 AM H 4288096 C:\Documents and Settings\default\Application Data\IconCache.db

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} = %SystemRoot%\System32\zipfldr.dll
{BD472F60-27FA-11cf-B8B4-444553540000} = %SystemRoot%\System32\zipfldr.dll
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} = %SystemRoot%\System32\zipfldr.dll
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = %SystemRoot%\system32\SHELL32.dll
{53C74826-AB99-4d33-ACA4-3117F51D3788} = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mqxtyssq
{2b4a239e-0e44-44e4-a5f5-828c782851de} = C:\WINDOWS\system32\ebaoa.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM32\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM32\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
Encarta &Researcher = C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Researcher :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Microsoft SearchBand = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
winsync C:\WINDOWS\system32\sds4px.exe reg_run
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SystemTray SysTray.Exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
QD FastAndSafe SysTray.Exe
Motive SmartBridge C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key Cu\NL&`
WarnOnOff 1
FileName0 C:\WINDOWS\system32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 4
s 4
n 4
l 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 95
CDRAutoRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\System32\upnpui.dll
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/29/2005 10:00:33 PM

-----------------------------------------------------------------------

Track qoo


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"="C:\\WINDOWS\\system32\\sds4px.exe reg_run"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SystemTray"="SysTray.Exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"QD FastAndSafe"="SysTray.Exe"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SMARTB~1\\MotiveSB.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- mqxtyssq
{2b4a239e-0e44-44e4-a5f5-828c782851de}
C:\WINDOWS\system32\ebaoa.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM32\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM32\DOCPROP2.DLL

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
Quicken Scheduled Updates.lnk
Microsoft Works Calendar Reminders.lnk
Microsoft Office.lnk
==============================
C:\Documents and Settings\default\Start Menu\Programs\Startup

desktop.ini
Quicken Scheduled Updates.lnk
Microsoft Works Calendar Reminders.lnk
Microsoft Office.lnk
desktop.ini
==============================
C:\WINDOWS\SYSTEM32 cpl files


QuickTime.cpl Apple Computer, Inc.
prefscpl.cpl RealNetworks, Inc.
irprops.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
agcpl.cpl iAnywhere Solutions, Inc.
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
access.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
ISUSPM.cpl InstallShield Software Corporation
  • 0

#9
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\mqxtyssq]

[-HKEY_CLASSES_ROOT\CLSID\{2b4a239e-0e44-44e4-a5f5-828c782851de}]


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\iedisco.exe
C:\WINDOWS\SYSTEM32\sfmmnmt.exe
C:\WINDOWS\SYSTEM32\fgsksff.dll
C:\WINDOWS\SYSTEM32\ebaoa.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtip.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\rtip.exe
C:\WINDOWS\system32\sds4px.exe


As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sds4px.exe reg_run

Now close all windows other than HiJackThis, then click Fix Checked.

Restart back in Normal Mode and Post a fresh HijackThis log!
  • 0

#10
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Good Morning,

I gave up at 11:00pm last night...and then realized that you were up at 2:00am! Wow! Again, I really appreciate your help. :tazz:

Oops! When I ran killbox in safe mode, I failed to tick the:

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"

...options. I went back and tried to do it right and it said the files didn't seem to exist. I hope I didn't mess it up!

Also, the...
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sds4px.exe reg_run
...didn't appear in my safe mode run of Hijack this.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:46:18 AM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#11
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

I gave up at 11:00pm last night


No giving up allowed!!! :tazz:


That HiJackthis log appears to be a safe mode one, can you do a fresh one in normal mode please :)

Hows the computer running? Everything is looking good with that HiJackthis log.


Thanks,

:)

Excal
  • 0

#12
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Excal,

Thanks for the reply. The computer seems to be working MUCH better! No pop ups yet today...and it booted up with the Norton antivirus enabled.

You are amazing!!!

My wife's user account kept it's settings! Wow!

The only other weird thing that seems to be related to this mess is the fact that when my wife tries to open WORD, she gets a message that it is installing and then this error:

"Error 1706. Setup cannot find the ruquired files. Check your conne3ction to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

I don't know if this is related to the malware infection, but all the problems began at the same time. I've tried:
1. Starting WORD with our installation CDs in the drive, and
2. Searched the OFFICE knowledge base and tried to open the file (C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP).

The problem only happens on HER user account!

Any ideas?

-John

Here is the normal-mode Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:17:46 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#13
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Can I see a HiJackthis log from her account please

:tazz:

Excal
  • 0

#14
samnhoj

samnhoj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi Excal,

I just noticed that when I turned my computer on after work today, the Norton Antivirus was disabled again. However, still no pop ups. Yeehaw!

Thanks again for helping me!

Here is the hijack this log from my wife's user account:

Logfile of HijackThis v1.99.1
Scan saved at 4:52:45 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#15
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
from your account:

Download WinPFind and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
don't do anything with it yet.

boot into safe mode


Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

reboot

Please post the winpfind log

Silent Runners:
  • Please click this link to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
  • Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

  • NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
    For some time it will look like nothing is happening. Just keep waiting.
  • Once it's done it will create a log. A window will come up telling you when it's saved. Please post that log here

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP