Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winfixer Infection [RESOLVED]


  • This topic is locked This topic is locked

#1
gllz

gllz

    Member

  • Member
  • PipPip
  • 10 posts
I have Winfixer on my PC as evidenced by it popping up when I use IE. I have tried to get rid of it by running all the removal tools you have suggested in the start section. Here is what I have run so far:

Cleanup
Ad-Aware SE
CWShredder
Spybot S&D
Ewido
Panda Online

Several things were removed, but the Winfixer still remains although it does not seem to come up asoften as it did before. I have also run a HiJackThis and here is my log contents:

Logfile of HijackThis v1.99.1
Scan saved at 7:26:52 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Tools\web_army_knife\WAK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\SysSense\SysSense.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: w.com #[Adware.Binet]
O1 - Hosts: .com #[Adware.Binet]
O1 - Hosts: talvelocity.com
O1 - Hosts: otalvelocity.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: 1
O1 - Hosts: m
O1 - Hosts: tyfind.com
O1 - Hosts: com
O1 - Hosts: ks.com
O1 - Hosts: 127.0.0
O1 - Hosts: icks.com
O1 - Hosts: 127.0net
O1 - Hosts: 127.0
O1 - Hosts: m
O1 - Hosts: com
O1 - Hosts: y.com
O1 - Hosts: 1m
O1 - Hosts: 1
O1 - Hosts: ity.com
O1 - Hosts: city.com
O1 - Hosts: om
O1 - Hosts: ocity.com
O1 - Hosts: com
O1 - Hosts: velocity.com
O1 - Hosts: .com
O1 - Hosts: alvelocity.com
O1 - Hosts: u.com
O1 - Hosts: talvelocity.com
O1 - Hosts: nu.com
O1 - Hosts: otalvelocity.com
O1 - Hosts: 12
O1 - Hosts: 12
O1 - Hosts: henu.com
O1 - Hosts: .totalvelocity.com
O1 - Hosts: c.whenu.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: u.com
O1 - Hosts: u.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O1 - Hosts: yfind.com
O1 - Hosts: yfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: estyfind.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Microsoft.NET\svccr.dll
O2 - BHO: (no name) - {BDA3A080-4F6B-5A8A-3920-6AB32AC809B0} - C:\WINDOWS\system32\cqmogbnc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [WebArmyKnife] C:\Tools\web_army_knife\WAK.exe q
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jenn\My Documents\My Downloads\AIM 5.5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.greatlookingposters.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: binbas - C:\WINDOWS\Web\binbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: svccr - C:\WINDOWS\Microsoft.NET\svccr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Please advise as to what I need to do to rid my PC of the Winfixer bug.

Thanks for all your help.
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi gllz and welcome to GeeksToGo! My name is Excal and I will be helping you.

You may have the latest version of VX2. Download L2mfix from one of these two locations:
  • One
    Two
  • Save the file to your desktop and double click l2mfix.exe.
  • Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.
  • Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
Note; if you recieve any error messages for CMD or Autoexec.bat>> select option 5 from the l2mfix and once at the site, click on the link that apply to your operating system!
Double-click the file it downloads and extract the files to its predetermined System32 folder!


Then post a HijackThis log (not attach) together with the log of the L2Mfix
  • 0

#3
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

Here is the log from l2mfix:

L2MFIX find log 1.04
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avw2]
"Asynchronous"=dword:00000000
"DllName"="c:\\windows\\system32\\avw2.dll"
"Impersonate"=dword:00000000
"Startup"="LogonWinEvent"
"Logoff"="LogoffWinEvent"
"CLSID"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\binbas]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\Web\\binbas.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\svccr]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\Microsoft.NET\\svccr.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{efb97cb8-a4a4-4357-a261-002ffaed0267}"="CD Slideshow Powertoy"
"{F5D92344-0A64-11D0-9956-0000E8096023}"="InstantWrite Shellextension"
"{F5D92341-0A64-11D0-9956-0000E8096023}"="CD Copy Shell Extension"
"{F5D92342-0A64-11D0-9956-0000E8096023}"="CD Wizard Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}"="Desktop Manager"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Volume in drive C is Greg_40
Volume Serial Number is 0027-869A

Directory of C:\WINDOWS\System32

07/24/2005 01:44 PM <DIR> DLLCACHE
04/21/2005 10:43 AM 430,080 ??chost.exe
11/01/2004 10:13 AM 512 Dkp0h.y89
10/30/2004 11:21 AM 512 Rydo85km.bua
10/24/2004 11:07 PM 512 IouEld.016
10/24/2004 11:07 PM 512 Oval63H.j9q
10/23/2004 11:07 PM 512 Cjo9g.x88
10/21/2004 11:07 PM 512 SzfpW5mn.cvb
10/20/2004 11:07 PM 512 Bin9.fw7
10/17/2004 07:34 PM 512 Wdj0.hz8
10/04/2004 06:52 AM 512 SzepW5ln.cvb
10/02/2004 06:52 AM 512 WditZRpq.fye
10/02/2004 06:52 AM 512 NwuD1.4e3
09/30/2004 06:52 AM 512 IpuFmd.017
09/29/2004 06:52 AM 512 MwuD1.4d3
09/28/2004 06:52 AM 512 MtyJ63F.h8p
09/27/2004 06:51 AM 512 NuzK63G.i8q
09/25/2004 06:51 AM 512 Bio9f.x88
09/25/2004 06:51 AM 512 Rydo84km.bua
03/21/2004 11:53 AM <DIR> Microsoft
18 File(s) 438,784 bytes
2 Dir(s) 21,772,034,048 bytes free
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please download VundoFix.zip to your desktop.
  • Double-click VundoFix.zip and extract it to your C:\ directory.
  • Copy the instructions below and paste them into Notepad for reference.
    • All other windows need to be closed while doing this fix!
  • Navigate to the new folder C:\VundoFix
  • Double click on KillVundo.bat
    • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
  • Please press any key to continue.
  • Wait for HiJackThis to open.
  • When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:

    O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Microsoft.NET\svccr.dll
    O2 - BHO: (no name) - {BDA3A080-4F6B-5A8A-3920-6AB32AC809B0} - C:\WINDOWS\system32\cqmogbnc.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O20 - Winlogon Notify: svccr - C:\WINDOWS\Microsoft.NET\svccr.dll

  • Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.
You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix
  • 0

#5
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

Ran Vundofix and then HijackThis again as you suggested. Heres the log for Vundo:

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 548 'smss.exe'
Threads [552][556][560]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1756 'explorer.exe'
Killing PID 1756 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 396 'rundll32.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 636 'winlogon.exe'
deleting: C:\WINDOWS\Microsoft.NET\svccr.dll
Successfully Deleted: C:\WINDOWS\Microsoft.NET\svccr.dll
Sucessfully Deleted


Heres the new log for HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:17:56 AM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Tools\web_army_knife\WAK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\SysSense\SysSense.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: w.com #[Adware.Binet]
O1 - Hosts: .com #[Adware.Binet]
O1 - Hosts: talvelocity.com
O1 - Hosts: otalvelocity.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: 1
O1 - Hosts: m
O1 - Hosts: tyfind.com
O1 - Hosts: com
O1 - Hosts: ks.com
O1 - Hosts: 127.0.0
O1 - Hosts: icks.com
O1 - Hosts: 127.0net
O1 - Hosts: 127.0
O1 - Hosts: m
O1 - Hosts: com
O1 - Hosts: y.com
O1 - Hosts: 1m
O1 - Hosts: 1
O1 - Hosts: ity.com
O1 - Hosts: city.com
O1 - Hosts: om
O1 - Hosts: ocity.com
O1 - Hosts: com
O1 - Hosts: velocity.com
O1 - Hosts: .com
O1 - Hosts: alvelocity.com
O1 - Hosts: u.com
O1 - Hosts: talvelocity.com
O1 - Hosts: nu.com
O1 - Hosts: otalvelocity.com
O1 - Hosts: 12
O1 - Hosts: 12
O1 - Hosts: henu.com
O1 - Hosts: .totalvelocity.com
O1 - Hosts: c.whenu.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: w.totalvelocity.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: ww.zinc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: u.com
O1 - Hosts: u.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: enu.com
O1 - Hosts: enu.com
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O1 - Hosts: yfind.com
O1 - Hosts: yfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: estyfind.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [WebArmyKnife] C:\Tools\web_army_knife\WAK.exe q
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jenn\My Documents\My Downloads\AIM 5.5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.greatlookingposters.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: binbas - C:\WINDOWS\Web\binbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Thanks. Greg
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Open up the Host program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore orginal host files
  • close program
5. Open up and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\system32\a.exe
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O15 - Trusted Zone: www.greatlookingposters.com
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: binbas - C:\WINDOWS\Web\binbas.dll (file missing)


9. click the Fix Checked box

10. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\SysSense

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
C:\WINDOWS\system32\a.exe
c:\windows\system32\avw2.dll


12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post the Active scan log, Ewido Log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#7
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

Please be more specific in your last instruction about Host program. I do not know exactly what you mean. Also, you gave me two instructions to remove files that I actually installed myself - one was Don' Touch My ads and the other was SySsense. I can remove them if you think it is important, but I did put them there.

Thanks.

Greg
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

Also, you gave me two instructions to remove files that I actually installed myself - one was Don' Touch My ads and the other was SySsense.


You can keep them if you installed them. There is no information at all about SySsense in any data base, 99.999% that means its some sort of Malware. As far as the other one goes, it looks and appears like a LOP infection file, thats why I had it on their for deletion. If you did indeed put them there, please do not remove them.

Not sure which part of the Host program you don't understand, can you let me know and I will explain it to you better...sorry

:tazz:

Excal
  • 0

#9
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

You gave me the instruction:

"Open up the Host program.

* Make sure that the "make hosts writable?" button in the upper right corner is enabled.
* Click back up Host files
* then click Restore orginal host files
* close program"

I do not know what program "Host" is referring to. Is it a program that you told me to download and I didn't or is it on my PC somewhere? The only Host I know of is the hosts file in the system32/etc/driver folder.

Thanks,

Greg
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok then, I am officially a Donkey......ack, sorry.

Download the Host Here


:tazz:

Excal

Edited by Excal, 28 August 2005 - 07:11 PM.

  • 0

Advertisements


#11
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

The file avw2.dll could not be deleted. If you know what it is, I can try to make sure whatever is running that uses it is not running. Here is the scan log from ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:17:11 AM, 8/29/2005
+ Report-Checksum: B7F3E6B4

+ Scan result:

:mozilla.14:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.401:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\zivg9m1z.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
C:\Documents and Settings\Greg\Cookies\greg@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jenn\Application Data\Mozilla\Firefox\Profiles\rp7lvaxu.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jenn\Application Data\Mozilla\Firefox\Profiles\rp7lvaxu.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jenn\Application Data\Mozilla\Profiles\default\edbulo5d.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup


::Report End

Here is the scan log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:19:29 AM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [WebArmyKnife] C:\Tools\web_army_knife\WAK.exe q
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jenn\My Documents\My Downloads\AIM 5.5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.greatlookingposters.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: binbas - C:\WINDOWS\Web\binbas.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Computer seems to be running fine (always seemed to). No Winfixer popups yet. Let me know about the avw2.dll file if you think it needs to be persued.

Thanks.

Greg
  • 0

#12
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

Repost of the HijackThis log. The one before is before the reboot. Sorry.

Greg

Logfile of HijackThis v1.99.1
Scan saved at 12:45:49 AM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Tools\web_army_knife\WAK.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\SysSense\SysSense.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [WebArmyKnife] C:\Tools\web_army_knife\WAK.exe q
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jenn\My Documents\My Downloads\AIM 5.5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#13
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Right click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re enable it after the fix, you follow the same steps but click on Enable Real-time Protection.

open Hijackthis and do a scan. Please check off the following items:

O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: binbas - C:\WINDOWS\Web\binbas.dll (file missing)


click FIX CHECKED then close Hijackthis


Please download the Killbox.

Please run Killbox.
  • Select "Replace on Reboot" also make sure the "Use Dummy" box is checked .
  • Copy and paste the following file name into the "Full Path of File to delete" box:

    c:\windows\system32\avw2.dll

  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..
  • Let the system reboot.
Please post a fresh HiJackthis log
  • 0

#14
gllz

gllz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Excal,

Performed ops as you directed and now posting new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:02 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Tools\web_army_knife\WAK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\SysSense\SysSense.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [WebArmyKnife] C:\Tools\web_army_knife\WAK.exe q
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [dont-touch-my-ads] C:\Documents and Settings\Greg\Dont-Touch-My-Ads.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SysSense] C:\Program Files\SysSense\SysSense.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jenn\My Documents\My Downloads\AIM 5.5\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Thanks.

Greg
  • 0

#15
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Right click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re enable it after the fix, you follow the same steps but click on Enable Real-time Protection.

open kill box, go to file. then select "delete all dummies"

open Hijackthis and do a scan. Please check off the following items:

O20 - Winlogon Notify: avw2 - c:\windows\system32\avw2.dll

click FIX CHECKED then close Hijackthis

reboot

Silent Runners:
  • Please click this link to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
  • Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

  • NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
    For some time it will look like nothing is happening. Just keep waiting.
  • Once it's done it will create a log. A window will come up telling you when it's saved. Please post that log here

Please post the silent runners log and a fresh HiJackthi log.

Thanks,

:tazz:

Excal
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP