I'm having big problems. [CLOSED]


  • This topic is locked

#1
Cyphonik

Cyphonik

    Member

  • Member
  • PipPip
  • 69 posts
I have problems with pop-ups and things installing automatically to my computer. I don't know where to turn, and a friend said this is the best place to go to find the answers to my problems. I hope you can help. He told me to post a HijackThis report, so here it is. Please help me ASAP, thank you.

Logfile of HijackThis v1.99.1
Scan saved at 8:46:28 PM, on 9/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Apnbckn\Cqjqoza.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\lfcpui.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\lanfi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wgamezone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Gbjjakh] C:\Program Files\Apnbckn\Cqjqoza.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [2snT3Fj] lfcpui.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JB43RPH7R] lanfi.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk121YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



Again thank you for your time. :tazz:
  • 0



#2
Cyphonik

Cyphonik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
:tazz:

Edited by Cyphonik, 14 September 2005 - 02:22 PM.

  • 0

#3
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Sorry for the delayed response, it has been very busy lately.
Please post a brand new Hijack log and we will begin.

Thanks :)
  • 0

#4
Cyphonik

Cyphonik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:26:28 AM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Apnbckn\Cqjqoza.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\lfcpui.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\lanfi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wgamezone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Gbjjakh] C:\Program Files\Apnbckn\Cqjqoza.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [2snT3Fj] lfcpui.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JB43RPH7R] lanfi.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk121YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


This is the new one. Using Windows XP SP2
  • 0

#5
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello and welcome to Geeks to Go :tazz:

I see you have been infected by malware. Let's get you fixed up.
Please follow the directions as closely as you can. Let's begin.

Download and install CleanUp! Here
but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido


You may wish to print out a copy of these instructions to follow while you complete this procedure



Disconnect from the internet


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=11305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Gbjjakh] C:\Program Files\Apnbckn\Cqjqoza.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [2snT3Fj] lfcpui.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKCU\..\Run: [JB43RPH7R] lanfi.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk121YYUS
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Aprps
Media Access
AutoUpdate
WinTools
Apnbckn




Please note any other programs that you don't recognize in that list in your next response.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\Media Access
C:\Program Files\AutoUpdate
C:\Program Files\Aprps
C:\Program Files\Apnbckn
C:\Program Files\WinTools


Please delete these files using Windows Explorer (if present):

C:\WINDOWS\dnscleaner.exe
lfcpui.exe <<<<<>>>>> You will have to use the search function for this one

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. If asked to reboot, select NO.

Now open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot and post the Ewido log and a new Hijack log.


Thanks
  • 0
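An added example, not part of the thread or of any tool named in it: a Python script that parses HijackThis logs and checks a "fix checked" list like the one in the post above against a follow-up scan, reporting which checked entries persist, which entries are new, and which processes still run from folders listed for deletion. The function names are hypothetical; the sample lines are excerpts trimmed from the logs in this thread, including the follow-up log posted later.

```python
import re

# HijackThis item lines start with a section code, e.g. "O4 - <details>".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Lines in the "Running processes:" block are bare Windows paths.
PROC_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Split a HijackThis log into (running process paths, item entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and PROC_RE.match(line):
            processes.append(line)
    return processes, entries


def norm(s):
    """Case-insensitive, whitespace-insensitive key (Windows paths ignore case)."""
    return " ".join(s.split()).lower()


def still_present(fix_text, after_text):
    """Entries that were checked for fixing but still appear in the later log."""
    _, fix = parse_log(fix_text)
    _, after = parse_log(after_text)
    after_keys = {(c, norm(b)) for c, b in after}
    return [(c, b) for c, b in fix if (c, norm(b)) in after_keys]


def newly_added(before_text, after_text):
    """Entries in the later log that the earlier log did not contain."""
    _, before = parse_log(before_text)
    _, after = parse_log(after_text)
    before_keys = {(c, norm(b)) for c, b in before}
    return [(c, b) for c, b in after if (c, norm(b)) not in before_keys]


def processes_under(after_text, folders):
    """Running processes whose image path lies under one of the given folders."""
    procs, _ = parse_log(after_text)
    prefixes = [norm(f).rstrip("\\") + "\\" for f in folders]
    return [p for p in procs if any(norm(p).startswith(x) for x in prefixes)]


# Excerpts trimmed from this thread's logs (not the full logs).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\Media Access\MediaAccess.exe

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [2snT3Fj] lfcpui.exe
O4 - HKCU\..\Run: [JB43RPH7R] lanfi.exe
O4 - Global Startup: winlogin.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
"""

FIX = r"""
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [2snT3Fj] lfcpui.exe
O4 - HKCU\..\Run: [JB43RPH7R] lanfi.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c10.cab
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Aprps\CxtPls.exe

O4 - Global Startup: winlogin.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://ad.trafficmp....ler_VENDARE.cab
"""

# Folders the instructions above list for deletion (two of the five).
DELETE_FOLDERS = [r"C:\Program Files\Aprps", r"C:\Program Files\Media Access"]

if __name__ == "__main__":
    print("Checked entries still present:", still_present(FIX, AFTER))
    print("Entries new since the earlier scan:", newly_added(BEFORE, AFTER))
    print("Processes still running from folders to delete:",
          processes_under(AFTER, DELETE_FOLDERS))
```

Matching is on the section code plus the normalized entry text, so an entry that returns under a different registry value name or path counts as new rather than persistent.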

#6
Cyphonik

Cyphonik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Sorry... I just got home from working 3 double shifts, so I am a little tired; however, I will post it tonight when I get home and on the computer. Thank you again.
  • 0

#7
Cyphonik

Cyphonik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:15:58 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wgamezone.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://ad.trafficmp....ler_VENDARE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


Here is the HiJack This file.

Ewido is posted below.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:34:56 PM, 9/21/2005
+ Report-Checksum: 746F72E1

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM.ADM -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{99A8E2B2-3405-4C0D-9110-131C14CAAF62} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{29E825AA-13BC-457C-806A-D72E4A25B3C5} -> Spyware.BrilliantDigital : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438} -> Spyware.BrilliantDigital : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Igor V. Gunko -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Igor V. Gunko\Hyperbar -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Igor V. Gunko\Hyperbar\Modules -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Igor V. Gunko\Hyperbar\Prod -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Igor V. Gunko\Hyperbar\Prod\{4B2F5308-2CB0-40E2-8030-59936ED5D22C} -> Spyware.HyperBar : Cleaned with backup


::Report End

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Looks much better :tazz:

Let's run one more scan to clean up the leftovers.

Please run this online virus scan:
Panda Active Scan: you need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab): click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log.

Thanks :)

#9
Cyphonik

    Member

  • Topic Starter
  • Member
  • 69 posts
Incident Status Location

Adware:adware/superspider No disinfected C:\PROGRAM FILES\q330994.exe
Adware:adware/pacimedia No disinfected C:\Documents and Settings\Kassandra\Favorites\1111\1111.url
Adware:adware/quicksearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
Spyware:spyware/media-motor No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\mm81.ocx
Adware:adware/cws.searchmeup No disinfected C:\new.exe
Adware:adware/msxmidi No disinfected C:\WINDOWS\msxmidi.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
Spyware:spyware/altnet No disinfected C:\Documents and Settings\Kassandra\Start Menu\Programs\Altnet
Adware:adware/apropos No disinfected C:\PROGRAM FILES\Aprps
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar No disinfected C:\Documents and Settings\Kassandra\Favorites\Casino & Carrers
Adware:adware/wupd No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-3c4d7284.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-3c4d7284.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-3c4d7284.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-3c4d7284.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-226865fa-61c01852.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-226865fa-61c01852.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-226865fa-61c01852.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-226865fa-61c01852.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-68f1830a.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-68f1830a.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-68f1830a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-26835cc3-68f1830a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[Xeyond.class]
Virus:Trj/Lowzones.IH Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-66a18b46-467b2645.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[Installer.class]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\pstub0\proxystub.dll
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Surstroy(2)\Cache\00004d06_431acafc_0006ea05
Adware:Adware/Ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
and

Logfile of HijackThis v1.99.1
Scan saved at 4:48:25 PM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wgamezone.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://ad.trafficmp....ler_VENDARE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thank you.

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Click here to download Pocket Killbox by Option^Explicit

Look in Add/Remove Programs and see if Aprps is in there; if it is, uninstall it, as well as Altnet.


Now open Pocket Killbox and select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of file paths below.
Click 'File' on the Killbox menu at the top and choose 'Paste from clipboard'.
The entire list should now be in the "Full Path of File to Delete" field. To check, click on the dropdown arrow next to that field.
If you expand it, these lines should all be there:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\mm81.ocx
C:\new.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\ucmoreiex.exe
C:\Documents and Settings\Kassandra\Start Menu\Programs\Altnet
C:\PROGRAM FILES\Aprps




Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES.

Then

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.


Post a new hijack log and tell me how your system is running now.

Thanks :tazz:

Edited by loophole, 24 September 2005 - 12:49 AM.
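
The scan report and the removal steps above can be cross-checked mechanically. The following is an added example, not part of either post and not code from Panda or Killbox: it parses the report lines quoted in this thread, separates files the scanner could not clean from detections inside the Java plug-in cache (the ones the cache-clearing steps address), and lists uncleaned paths that the manual delete list does not cover. The line layout is inferred from the posted lines, and `DELETE_LIST` holds only the two Killbox entries that overlap this part of the report.

```python
import re
from collections import defaultdict

# Report lines copied from the post above (a subset of the scan output).
REPORT = r"""
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Kassandra\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-297ed74b.zip[Installer.class]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\pstub0\proxystub.dll
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Surstroy(2)\Cache\00004d06_431acafc_0006ea05
Adware:Adware/Ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
"""
# Two entries from the Killbox list in the reply above (the ones this report touches).
DELETE_LIST = [r"C:\WINDOWS\ucmoreiex.exe", r"C:\PROGRAM FILES\Aprps"]

# Assumed layout, inferred from the posted lines: Category:Family Status Path[member]
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<family>\S+)\s+"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?:\[(?P<member>[^\]]+)\])?$"
)
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

def parse_report(text):
    """Return one dict per recognised detection line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def triage(entries):
    """Split detections into uncleaned files (by family) and Java cache archives."""
    remaining = defaultdict(set)   # family -> paths the scanner left in place
    java_cache = set()             # cached archives that carried a detection
    for e in entries:
        if JAVA_CACHE in e["path"].lower():
            java_cache.add(e["path"])
        if e["status"] == "No disinfected":
            remaining[e["family"]].add(e["path"])
    return dict(remaining), java_cache

def uncovered(remaining, delete_list):
    """Uncleaned paths that neither equal nor lie under any delete-list entry."""
    roots = [d.lower().rstrip("\\") for d in delete_list]
    return sorted(p for paths in remaining.values() for p in paths
                  if not any(p.lower() == r or p.lower().startswith(r + "\\") for r in roots))

if __name__ == "__main__":
    remaining, java_cache = triage(parse_report(REPORT))
    print("Not cleaned:", {k: sorted(v) for k, v in remaining.items()})
    print("Java cache archives:", sorted(java_cache))
    print("Not covered by delete list:", uncovered(remaining, DELETE_LIST))
```

A path returned by `uncovered` is a prompt to re-check, since it may have been handled elsewhere in the thread or by an uninstaller.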


#11
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





