
mirarsetup.exe [CLOSED]


  • This topic is locked

#1
lochlan99

:tazz: Please help. Following a previous forum, I am having the same problem. I have downloaded 'HijackThis' and run the scan. Thanks for any help or suggestions.

The scan produced the following:

Logfile of HijackThis v1.99.1
Scan saved at 14:54:04, on 31/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lochlan\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
O2 - BHO: (no name) - {FFCDF546-F480-31CB-7C6B-5F25BAA47B24} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2
Trevuren

Hi lochlan99, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME
  • Click HERE for the update.
  • Apply the update.
  • REBOOT YOUR SYSTEM
  • Post a fresh Hijack This log
Regards,

Trevuren

#3
lochlan99

As requested:

Logfile of HijackThis v1.99.1
Scan saved at 11:04:56, on 01/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Lochlan\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
O2 - BHO: (no name) - {FFCDF546-F480-31CB-7C6B-5F25BAA47B24} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks for your help :tazz:

#4
Trevuren

One last thing before we can get started:

1. Please DELETE your current HJT program from its present location.

2. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren


#5
lochlan99

Thanks for coming back so fast. The following is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 20:47:14, on 01/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
O2 - BHO: (no name) - {FFCDF546-F480-31CB-7C6B-5F25BAA47B24} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
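Added example, not part of the original thread and not HijackThis's own logic: a small parser for the log format posted above that splits each entry into its section code and body and flags a few patterns visible in this log. The heuristics and function names are assumptions of this example, and the sample lines are a constructed subset copied from the log above.

```python
import re

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every scan entry starts with a section code (R0, F2, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def flag_reason(code, body):
    """Return a reason string if the entry matches one of this example's
    heuristics (assumptions, not an authoritative verdict), else None."""
    low = body.lower()
    if code in ("R0", "R1") and "= res://" in low and ".dll/" in low:
        return "IE page setting served from a local DLL resource"
    if code == "F2" and low.startswith("reg:system.ini: shell="):
        programs = body.split("=", 1)[1].split()
        if [p.lower() for p in programs] != ["explorer.exe"]:
            return "extra program appended to the Shell value"
    if code == "O2" and low.endswith("(no file)"):
        return "BHO registered with no file on disk"
    if code == "O16" and re.search(r" - (file://|ms-its:)", low):
        return "ActiveX download source is a local or ms-its path"
    if code == "O23" and "unknown owner" in low and low.endswith("(file missing)"):
        return "service with unknown owner and missing binary"
    return None


def triage(log_text):
    """Return [(code, body, reason)] for flagged entries, in log order."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = flag_reason(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason}\n    {body}")
```

A flag here only marks an entry for human review; it is not a decision to fix it.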

#6
Trevuren

Your system is infected with a variant of the About:Blank infection.
  • First we must STOP, and Disable a bad Added Service
    • Click Start>Run and type in: services.msc
    • Click OK
    • In the Services window find: Remote Procedure Call (RPC)
    • Select/highlight and right click the entry, and choose: Properties
    • On the General tab, under Service Status click the Stop button
    • Beside: Startup Type, in the drop menu, select: Disabled
    • Click Apply, then OK
  • Download CWShredder
    Click check for updates. Do not use it yet.

  • Download Aboutbuster 5
    Unzip the file to its own folder (C:\AB) Do not use it yet.

  • Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.

  • Download Killbox
    Choose save as to your desktop. Unzip the file. Do not use it yet.

    Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark “show hidden files and extensions” > OK

    Please print out these directions, for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!

  • Reboot your system into safe mode for all OS

  • Close all windows and open HijackThis.
    • Click "scan only” in the main window
    • Put a checkmark beside the following entries and click “FIX checked”.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eglol.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\eglol.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\eglol.dll/sp.html#37049
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
      O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
      O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
      O2 - BHO: (no name) - {FFCDF546-F480-31CB-7C6B-5F25BAA47B24} - (no file)
      O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex...hm::/uninst.exe
      O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
      O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
      O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
      O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
      O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
  • Run CWShredder and choose FIX

  • Start AboutBuster and press START, and then OK. The program will start scanning.

  • Doubleclick HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.

  • Start Killbox
    • Place a checkmark next to [x] Delete On Reboot.
    • Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.

      C:\WINDOWS\System32\kernels32.exe
      C:\WINDOWS\system32\spider.exe
      C:\WINDOWS\eglol.dll
      C:\WINDOWS\web
      c:\eied_s7.cab
      c:\ex.cab
      C:\WINDOWS\System32\vbsys2.dll
      C:\WINDOWS\ipay.exe

    • Back in Killbox, go > file > paste from clipboard,
    • Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
    • Then click OK
    • Exit Killbox and Reboot your PC.
  • After the reboot, Start AboutBuster AGAIN and scan AGAIN.

  • Clean temporary files:
    • Go > start > run and type cleanmgr and OK
    • Scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
    • Click OK to remove those files.
    • Click Yes to confirm deletion.
  • Reboot your system into normal mode.

  • Download Ewido scan
    • Check for updates.
    • Let it do a full run.
    • Copy the log. Paste it to a blank Notepad file and save it to post here.
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it and the EWIDOscan log in this thread for review.
Regards,

Trevuren

  • 0
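The entries picked out in the fix list above share a small number of patterns per HijackThis section. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch applies those patterns as review heuristics to a few lines copied from the log and collects the file paths they reference. The rule set and the names `triage`, `reasons_for` and `files_to_review` are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis fix list in the post
# above, plus two Symantec service lines from the same log for contrast.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eglol.dll/sp.html#37049
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: (no name) - {91446C99-F009-56CC-4ABF-88F99086A81E} - (no file)
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ipay.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")     # "<section code> - <detail>"
WIN_PATH = re.compile(r"[A-Za-z]:\\[\w\\.~-]+")    # drive-letter paths without spaces


def reasons_for(code, detail):
    """Return review reasons for one entry (heuristics assumed by this example)."""
    reasons = []
    if code in ("R0", "R1"):
        value = detail.partition(" = ")[2]
        if value.lower().startswith("res://"):
            reasons.append("IE page/search setting points at a resource inside a local DLL")
    elif code == "F2":
        if "Shell=" in detail:
            shell = detail.partition("Shell=")[2].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("Shell= launches something besides Explorer.exe")
    elif code == "O2":
        if detail.endswith("(no file)"):
            reasons.append("BHO is registered but its file is gone")
    elif code == "O16":
        source = detail.rpartition(" - ")[2]
        if source.lower().startswith("file://"):
            reasons.append("ActiveX download source is a local file")
    elif code == "O23":
        parts = detail.rsplit(" - ", 2)            # name, owner, path
        if len(parts) == 3:
            name, owner, path = parts
            if owner == "Unknown owner":
                reasons.append("service binary carries no vendor information")
            if path.endswith("(file missing)"):
                reasons.append("service points at a missing file")
            # The genuine RPC service in this thread runs as svchost -k rpcss
            # (service name RpcSs); a similar display name on another binary
            # is a lookalike.
            if "Remote Procedure Call (RPC)" in name and "svchost" not in path.lower():
                reasons.append("display name imitates the Windows RPC service")
    return reasons


def triage(log_text):
    """Parse HijackThis lines and return the entries that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        code, detail = match.groups()
        reasons = reasons_for(code, detail)
        if reasons:
            findings.append({"code": code, "reasons": reasons,
                             "paths": WIN_PATH.findall(detail)})
    return findings


def files_to_review(findings):
    """De-duplicate (case-insensitively) the paths referenced by flagged entries."""
    seen, ordered = set(), []
    for finding in findings:
        for path in finding["paths"]:
            if path.lower() not in seen:
                seen.add(path.lower())
                ordered.append(path)
    return ordered


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(item["code"], "; ".join(item["reasons"]))
    print(files_to_review(results))
```

The paths it collects from the sample are a subset of the Killbox list in the same post; the Symantec services are left alone because they name a vendor and an existing file.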

#7
lochlan99

Trevuren,

Thank you for your help, will need to go print this out! I will get back to you asap!

Regards,

Lochlan
  • 0

#8
lochlan99

hi trevuren

i went to Remote Service Call, the Service Status and the Startup Type areas are not active, i was not able to follow your instruction.
also wouldn't allow me to print the screen to show you

FYI
Path to executable is as follows:
C:\WINDOWS\system32\svchost -k rpcss

Service name is RpcSs

rgds

lochlan
  • 0

#9
Trevuren

If they were not active, then they were already disabled. In that case, just continue with the fix as written.

Thanks,

Trevuren

  • 0

#10
lochlan99

hi trevuren,

as requested, please find the ewido scan report followed by the hijack this report! hope that i followed your instructions ok!!!

by the way, it says that i have disabled the task manager!! how is this??

rgds

lochlan

ewido scan report
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\17834 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\17892 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\17973 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18021 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18043 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18207 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18560 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18911 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18919 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18924 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18931 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18957 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18965 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18992 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\18996 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19001 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19014 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19021 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19082 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19091 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19165 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19170 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19173 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19213 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19618 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19624 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19700 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19789 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19792 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19809 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19842 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19960 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19990 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19994 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\19995 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20039 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20059 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20069 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20070 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20072 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20173 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20186 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20196 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20226 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20298 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20333 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20363 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20372 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20409 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20454 -> Spyware.Gator : Cleaned with backup
-> : Error during cleaning
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20569 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20570 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20601 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20682 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20790 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20897 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20899 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\20950 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21033 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21038 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21042 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21158 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21197 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21200 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21229 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21283 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21400 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21401 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21408 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21409 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21410 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21411 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21459 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21539 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21616 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21657 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21766 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21864 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21938 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21939 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21940 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21941 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21942 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21943 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21944 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21955 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\21977 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22045 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22046 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22047 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22212 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22219 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22284 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22326 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22380 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22397 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22411 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22417 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22443 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22457 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22470 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22518 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22605 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22826 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22841 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22850 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22853 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22855 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22860 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22861 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22868 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22869 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22874 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22878 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22886 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22945 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22954 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\22958 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23071 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23076 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23080 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23082 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23088 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23091 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23093 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23100 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23104 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23106 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23152 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23200 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23222 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23255 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23259 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23261 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23306 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23326 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23331 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23332 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23337 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23409 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23417 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23418 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23453 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23456 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23457 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23525 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23586 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23606 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23608 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23609 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23621 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23632 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23647 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23652 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23654 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23659 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23668 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23674 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23685 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23687 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23689 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23702 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23703 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23707 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23709 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23711 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23728 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23859 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23864 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23896 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23900 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23940 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23949 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23950 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23951 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23952 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\23980 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat\GMT\Banners\24077 -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Ga
  • 0


#11
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
You forgot to send a fresh HJT log. :tazz:


Trevuren
  • 0

#12
lochlan99

    Member

  • Topic Starter
  • 11 posts
hi trevuren,

sorry about that!! please find it below, computer still v slow and can't use task manager - is that normal?

rgds

lochlan

Logfile of HijackThis v1.99.1
Scan saved at 15:04:26, on 07/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#13
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94



  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\WINDOWS\System32\kernels32.exe

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0
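The check requested in the last step above (compare a fresh log against the items that were fixed), as an added example that is not part of the original thread: it parses two HijackThis logs and reports which checked entries are gone, which survive, and whether a targeted file is still listed under running processes. The log excerpts are abridged from the two logs posted in this thread (07/09/2005 and 12/09/2005); the function and variable names are illustrative.

```python
import re

# Abridged excerpts of the two logs posted in this thread. Raw strings keep
# the backslashes in the Windows paths intact.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:04:26, on 07/09/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:53:56, on 12/09/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# The three items the helper asked to be checked and fixed.
TARGETS = [
    r"O2 - BHO: (no name) - {E1757CF5-D1DE-B6BF-7313-71B514B2709D} - (no file)",
    r"O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C604D2-EA53-4A17-8D46-08C2FDFE6048}: NameServer = 195.92.195.95 195.92.195.94",
]

# A log entry is a section code (R0, F2, N1, O4, O23, ...) then " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Drive-letter paths to executables or libraries inside an entry body.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|ocx)\b', re.I)


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def norm(section, body):
    """Comparison key: forum copy/paste can change spacing, and Windows
    paths and registry keys are case-insensitive."""
    return (section, " ".join(body.split()).lower())


def verify_fix(before_text, after_text, targets):
    """Classify each targeted entry and list anything new in the later log."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    b = {norm(s, body): f"{s} - {body}" for s, body in before["entries"]}
    a = {norm(s, body): f"{s} - {body}" for s, body in after["entries"]}
    running = {p.lower(): p for p in after["processes"]}
    result = {"removed": [], "still_present": [],
              "not_in_before": [], "still_running": []}
    for target in targets:
        m = ENTRY_RE.match(target.strip())
        if not m:
            raise ValueError(f"not a HijackThis entry: {target!r}")
        key = norm(m.group(1), m.group(2))
        if key in a:
            result["still_present"].append(a[key])
        elif key in b:
            result["removed"].append(b[key])
        else:
            result["not_in_before"].append(target.strip())
        # An autostart entry can be gone while its file is still loaded.
        for path in PATH_RE.findall(m.group(2)):
            if path.lower() in running:
                result["still_running"].append(running[path.lower()])
    # Entries that appear only in the later log deserve a second look.
    result["new_entries"] = sorted(a[k] for k in a.keys() - b.keys())
    return result


if __name__ == "__main__":
    for name, items in verify_fix(LOG_BEFORE, LOG_AFTER, TARGETS).items():
        print(f"{name}: {items}")
```

A clean result here only says the autostart entries are gone from the log; it does not show that the file itself was deleted from disk.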

#14
lochlan99

    Member

  • Topic Starter
  • 11 posts
hi trevuren,

have followed your instructions exactly, no kernels.exe but was kernels.dll

computer still running v slow, took 10mins + to load MSword, still can't access task manager.

rgds

lochlan


Logfile of HijackThis v1.99.1
Scan saved at 22:53:56, on 12/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#15
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
OK before we go any farther, you must uninstall 1 of the two antivirus programs installed. Your choice. If Norton's subscription has lapsed and you do not intend to renew it then choose that one.

Once you have UNINSTALLED one, please post back a fresh HJT log.

Regards,

Trevuren
