Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Byte.verify


  • Please log in to reply

#1
geekygirl

geekygirl

    Member

  • Member
  • PipPip
  • 32 posts
I recently removed Trojan.Byte.verify from a SP2 system with Norton following all the steps. Since then I seem to be having random freezing issues. The computer completely freezes requiring the reset button to reboot. I am not sure if there may be something lurking around. And I am not sure if this is the actual problem. Please let me know if I should post somewhere else.
I run Spybot, Ad-aware and Counterspy. I also changed the settings in Ad-aware per the “start here” tools and re-ran it. I have followed all the steps listed on the “start here” forum. I was unable to run Trend housecall or Panda Activescan as they would not load.

All updates have been done.
As this is a random issue please take your time in helping me, I know you all are busy.

Thanks in advance.

Here are the results from Ewido scan, it’s all Mozilla stuff?
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:04:17 PM, 9/2/2005
+ Report-Checksum: 197A079F

+ Scan result:

:mozilla.14:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Jennifer\My Documents\Backup of Mozilla\Profiles\default\0i89ji7g.slt\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.528:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.529:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.566:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\ltmvzm6n.scrappy\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jennifer\Application Data\Phoenix\Profiles\DEFAULT\3im3vgd8.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\8rsmv6u8.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\8rsmv6u8.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\8rsmv6u8.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\8rsmv6u8.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\aiz8w44v.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:27:30 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\G-VGA.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jennifer\My Documents\downloads\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122666836296
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.ho...ex/HMAtchmt.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Then reboot safe mode and use the DiskCleanup Tool to empty all your Temp folders.

To avoid getting all the tracking cookies, please read:
http://privacy.getne...browsing/tools/

Post a new HijackThis log when you are done.

Regards,
  • 0

#3
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thank you for your help! I have completed the steps you asked.

Logfile of HijackThis v1.99.1
Scan saved at 3:07:26 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\G-VGA.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\default.x73\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122666836296
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.ho...ex/HMAtchmt.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good job. That looks clean now.

Did you have any more freezes?

Regards,
  • 0

#5
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
No more freezing.

Not sure now if it was this or the usb hardware I just removed as it would not work right.

In any event, thank you very much for your help. It was nice of you to take your free time to help me. :tazz:
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
No problem. :tazz:

Glad we could help.
I'll leave this thread open just in case the problem comes back.

Hope not

Regards,
  • 0

#7
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Is there any chance that anything that was done could have resulted in Yahoo incessantly asking for my password even when I am logged in? I mean like 3 times in a row. I primarily use Firefox and clean my cache whenever I think about it. I checked on the Yahoo help section to no avail. I also changed the password prompt to every 24hrs. I can just switch between My Yahoo and Yahoo mail while logged in and it requires 3 password entries.

Thanks again!
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I'm sorry geekygirl

I have no experience with those programs. :tazz:
Maybe you can ask in another part of the forum?

Regards,
  • 0

#9
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hey Metallica,

Sorry to bug you again :tazz: but I was referred back to this thread for this new problem. I am trying to assist someone in removing the Vundo B Trojan and this is where I am at now, I hope you can help. I had just turned off system restore in this Dell XP SP2 system and through msconfig had changed the boot to safe mode. After I changed the setting I did not immediately restart as prompted but did a few other things for a few minutes. When I do shut down and restart the computer hangs on the black safe mode screen. It starts to boot, gives me the Welcome to XP screen then goes back to the black screen. It flashes a box asking me to confirm the mode (at least I think that is what it was asking) but disappears before I can select anything. I have held F8 and it does bring up other boot options but nothing is working. If it helps I can get into Bios.

Is there anyway to get back to the desktop somehow? I need to get into it to fix it but am at a loss how. Any suggestions are welcome.
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi geekygirl,

Is there any way you can access the hard drive from outside?
Floppy's, Windows CD, dual boot, whatever.
  • 0

Advertisements


#11
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I have tried the restore disk labeled #1 and for some reason it says it is not XP but is 98 but does get me to a screen that will restore it to factory settings? That will wipe the HD will it not? There is restore disk #2 that says it is XP Pro but will not work at all. I changed the boot order and all that. This pc has 1 HD, I think I may have an extra laying around that had ME on it, should I try it that way?
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The Restore CD is worthles for what we will try to do.
It will indeed wipe your drive clean and restore the computer to the state it was in when you bought it.

Did you ever make boot floppies?

If not, please download and use sometyhing like the Ultimate Boot CD, available here: http://www.softpedia...e-Boot-CD.shtml

I think I will need to see the content of C:\boot.ini

So if you made the CD or floppies copy the boot.ini and post back with the content.

Regards,
  • 0

#13
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
It has come down to me having ripped out the HD and stuck it in an old 98 system that we had lying around. So far I have run TrojanHunter which found a few nasties and cleaned them up. I also ran AVG which also cleaned a few things. I was moving files off the HD that she needs should we not be able to recover it. As far as I know she never made any boot floppy's. I am trying to download the program you have suggested but seem to be having problems getting it.

I have gone into the drive on the computer and found this file which I hope is what you asking for it is Boot.ini

I am typing this so anything that was lowercase, caps or spaces may be missed:

[boot loader]
timeout=30
default=multi(0)disk(0)partitions(1)WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional"/fastdetect/noexecute=optin/safeboot:minimal



If I should put the HD back in the original computer please let me know and I can do that.

Thank you so much for your help. I also know the GrandMa-to-be who's PC this is also thanks you.
  • 0

#14
geekygirl

geekygirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thank you Metallica, you gave me a good idea. I copied the boot.ini from my XP system to the one not working while the HD was hooked up to the other machine. Now it boots, I am going to try to run antivirus, Spybot and AdAware then post a HJT log when I am done.

Thank you soooooo much again.


ETA: HJT

Logfile of HijackThis v1.99.1
Scan saved at 11:12:35 PM, on 10/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Administrator\My Documents\Utilities\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINDOWS\Java\ControlF1\STMeeting25.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by geekygirl, 21 October 2005 - 10:16 PM.

  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
LOL. Getting one step ahead of me. :tazz:
I like that when it works. :)

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)


Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder)

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP