Trojan.Elitebar and Hijack.Rootkit [RESOLVED]



#1
BrianGreiner

    Member
Hey there,

I recently opened a file sent by a friend...at least I thought it was.
Now I have these viruses on my computer. When I log on, Norton pops up right away saying that it has detected a virus on my computer.

C:\Documents and Settings\BGreiner\msdirectx.sys
Virus name: Hacktool.Rootkit
Action: unable to repair this file

After I click ok, Norton pops up again, saying it has detected a virus.

This time the virus name is Trojan.Elitebar. I click ok and it pops up 2 more times saying it has detected Trojan.Elitebar.

Also when my computer is started up and I log on, after a couple minutes sometimes it goes to a blue screen and says that "windows has shut down to avoid being damaged".

Another thing....sometimes my Mozilla Firefox automatically opens to a blank page and in the top left corner of the page it says "%s\6arab2.html". And in the address bar it says "file///C:/Docum~1/BGreiner/Locals~1/Temp/6arab2.html".

Any help you could provide would be greatly appreciated.

#2
Rawe

    Visiting Staff
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, we'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
BrianGreiner

    Member
  • Topic Starter
Here is the log from my ewido scan


:mozilla.440:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.441:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.442:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.443:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.444:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.505:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.519:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.520:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.521:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.522:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.523:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.550:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.551:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.578:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.579:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.580:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.608:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.611:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.645:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.649:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.650:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.730:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.731:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.734:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.735:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.737:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.758:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.762:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.763:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.764:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.789:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.790:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.794:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.812:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.830:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.831:C:\Documents and Settings\BGreiner\Application Data\Mozilla\Firefox\Profiles\default.7rf\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\BGreiner\Application Data\Netscape\NSB\Profiles\izp86vnx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\BGreiner\Application Data\uxcthrgq.exe -> Spyware.Lop : Cleaned with backup
C:\Documents and Settings\BGreiner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\BGreiner\My Documents\The Folder\Randoms\viagra.exe -> Not-A-Virus.Joke.Viagra : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde7D.tmp/bdesecureinstall.exe -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde7D.tmp/chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde7D.tmp/BDEVerify.exe -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde7D.tmp/BDEVerify.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde81.tmp/bdeload.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde83.tmp/bdeplayer2.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde85.tmp/BDEEngine2.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde87.tmp/bdeimage.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde89.tmp/npbdplay2.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde8B.tmp/BDESac24.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde8D.tmp/BDESac10.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde93.tmp/BDERastDx6_30002.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\BDECache\bde95.tmp/bdeviewer.exe -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\DQ72W3DV\dw[1].exe -> TrojanDownloader.Realtens.f : Cleaned with backup
C:\Program Files\buddylinks.net\Games\Saddam Game\shell.exe -> Spyware.MetaDirect : Cleaned with backup
C:\Program Files\KaZaA Lite\TopSearch.dll -> Spyware.TopSearch : Cleaned with backup
C:\Program Files\Support Software\install.exe -> Spyware.Downloadware : Cleaned with backup
C:\Program Files\Support Software\SS2.DLL -> Spyware.MediaPops : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\Free_Mp3search.exe -> Spyware.Lop : Cleaned with backup
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\save.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\SYSTEM32\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\iedriver.exe -> Spyware.IEDriver : Cleaned with backup
C:\WINDOWS\SYSTEM32\VVSN_SCNC0704Inst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\Temp\brilliant\b3d3105Package.cab/bdeclean.exe -> Adware.BrilliantDigital : Cleaned with backup


::Report End

#4
BrianGreiner

Member (Topic Starter)

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:40:38 PM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\lockx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wall Street Journal Online News Alerts\WSJAlerts.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\etb\pokapoka65.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BGreiner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com...earch/?ptnrS=BW
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\BGreiner\My Documents\ARES\Ares.exe" -h
O4 - HKCU\..\Run: [Wall Street Journal Online News Alerts] C:\Program Files\Wall Street Journal Online News Alerts\WSJAlerts.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.s...mlbst8402_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.s...lgcst1010_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webrespo...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ron/install.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#5
Rawe

Visiting Staff

Ok..

Please download CureIt:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done" in the lower left corner, click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian, who has now turned green.
Click on the green man in the right corner; it will scan ALL your drives. Hit yes to all.

Don't reboot yet:

Please download miekiemoes' LQfix here:

LQFix

and place it on your desktop.
Double-click LQfix.exe and click "Install".
This will create a new folder called LQfix on your desktop.
Open the folder and double-click ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

Once finished with the steps, please post a fresh HijackThis log.

#6
BrianGreiner

Member (Topic Starter)

Here is the logfile of HijackThis. I also want to point out that I received several notifications from Norton about a virus called Backdoor.Sbot.



Logfile of HijackThis v1.99.1
Scan saved at 11:13:39 AM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Documents and Settings\BGreiner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com...earch/?ptnrS=BW
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.s...mlbst8402_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.s...lgcst1010_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webrespo...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ron/install.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7
Rawe
Visiting Staff, 4,746 posts
Ok, first, I really need you to disable Ewido Guard & Trojan Hunter guard. We don't want them to interfere with the fixes--

Next:

Please download and run Blacklight
F-Secure Blacklight: http://www.f-secure....light/try.shtml
Leave [X] scan through windows explorer checked,
click > scan > If any items are found click > next and reboot.

How to use F-Secure Blacklight
http://www.europe.f-...lacklight/help/

Let me know if Blacklight found anything..

#8
BrianGreiner
Member, Topic Starter, 16 posts
I disabled ewido and trojanhunter. Do I need to reboot for those changes to take effect?
I haven't rebooted yet, but I went ahead and ran blacklight and it said

scan complete
no hidden items found

#9
Rawe
Visiting Staff, 4,746 posts
Ok, reboot and post a fresh log. :tazz:

#10
BrianGreiner
Member, Topic Starter, 16 posts
Norton still saying it finds Trojan.Elitebar and also Backdoor.Sdbot

Logfile of HijackThis v1.99.1
Scan saved at 12:14:46 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\etb\pokapoka67.exe
C:\Documents and Settings\BGreiner\Desktop\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searc...ine.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1800searc...ine.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1800searc...ine.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com...earch/?ptnrS=BW
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.s...mlbst8402_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.s...lgcst1010_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webrespo...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ron/install.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#11
Rawe
Visiting Staff, 4,746 posts
First, can you delete your current LQfix. Next, please:

Download LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click install.
Leave the default settings. If you change them, the fix will fail.
Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

#12
BrianGreiner
Member, Topic Starter, 16 posts
Norton still saying it finds 5 Backdoor.Sdbot viruses

Ran HijackThis again

Logfile of HijackThis v1.99.1
Scan saved at 12:42:47 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Documents and Settings\BGreiner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com...earch/?ptnrS=BW
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.s...mlbst8402_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.s...lgcst1010_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webrespo...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ron/install.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.budd...llInstaller.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
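Comparing the logs posted before and after the LQfix run (posts #10 and #12) line by line is easy to get wrong by eye. The following is an added example, not part of the thread and not part of HijackThis: it parses two HijackThis v1.99.1 logs and reports which entries and processes changed between scans. The embedded logs are abridged from those two posts, and the function names are this example's own.

```python
import re
from collections import Counter

# Abridged from the logs in posts #10 and #12 (lines copied as posted,
# most lines omitted; the truncated URLs are truncated in the thread too).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:14:46 PM, on 9/15/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\etb\pokapoka67.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1800searc...ine.com/sp2.php
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:42:47 PM, on 9/15/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adsonwww.com/...L?zone=enternet
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [name] command" or "R1 - key = value".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (processes, entries) for one HijackThis log.

    processes: Counter of lower-cased image paths (svchost.exe appears several times).
    entries:   set of (section code, detail) tuples such as ("O4", "HKLM\\..\\Run: ...").
    """
    processes, entries = Counter(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_procs and line:
            processes[line.lower()] += 1  # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """Summarise what changed between two scans of the same machine."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    return {
        "entries_added": sorted(e1 - e0),
        "entries_removed": sorted(e0 - e1),
        "procs_started": sorted((p1 - p0).elements()),
        "procs_gone": sorted((p0 - p1).elements()),
        # Autostart (O4) entries present in both scans, i.e. untouched by the fix.
        "autostarts_kept": sorted(e for e in e0 & e1 if e[0] == "O4"),
    }


if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
```

The `autostarts_kept` list is the part worth reading first after a fix tool has run: it shows which Run keys were still present in the second scan.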

#13
Rawe
Visiting Staff, 4,746 posts
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.


#14
BrianGreiner
Member, Topic Starter, 16 posts
Incident Status Location

Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Spyware:spyware/bargainbuddy No disinfected C:\PROGRAM FILES\Bargain Buddy
Adware:adware/buddylinks No disinfected C:\PROGRAM FILES\buddylinks.net
Adware:adware/comedy-planet No disinfected C:\PROGRAM FILES\Comedy-Planet
Adware:adware/delfinmedia No disinfected C:\PROGRAM FILES\DelFin
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Adware:adware/keenvalue No disinfected C:\PROGRAM FILES\PerfectNav
Adware:adware/ist.istbar No disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Spyware:spyware/altnet No disinfected C:\WINDOWS\TEMP\Adware
Adware:adware/elitebar No disinfected C:\Documents and Settings\BGreiner\Favorites\Casino & Carrers
Adware:Adware/IST.YourSiteBar No disinfected C:\Documents and Settings\BGreiner\Local Settings\Temp\6arab4.html
Adware:Adware/KeenValue No disinfected C:\Program Files\Kazaa\PerfectNavUninstall.exe
Adware:Adware/BrilliantDigital No disinfected C:\Program Files\KaZaA Lite\bdcore.dll
Adware:Adware/BrilliantDigital No disinfected C:\WINDOWS\Temp\brilliant\b3d3200package.cab
Adware:Adware/BrilliantDigital No disinfected C:\WINDOWS\Temp\brilliant\b3d3200package.cab[bdedetect1.dll]
Adware:Adware/BrilliantDigital No disinfected C:\WINDOWS\Temp\brilliant\b3d3200package.cab[bdeclean.exe]
Adware:Adware/BrilliantDigital No disinfected C:\WINDOWS\Temp\brilliant\b3dsetup.exe
Adware:Adware/BrilliantDigital No disinfected C:\WINDOWS\Temp\brilliant\setup.exe
Virus:W32/Sdbot.EFG.worm Disinfected C:\xz.bat

#15
Rawe
Visiting Staff, 4,746 posts
Go to -> Start -> Control Panel and uninstall the following entries if present:

Bargain Buddy
buddylinks.net
Comedy-Planet
DelFin
Lycos
PerfectNav
Totem Shared


Next, navigate to and delete the following files/folders:

C:\WINDOWS\smdat32a.sys
C:\PROGRAM FILES\Bargain Buddy
C:\PROGRAM FILES\buddylinks.net
C:\PROGRAM FILES\Comedy-Planet
C:\PROGRAM FILES\DelFin
C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\PerfectNav
C:\PROGRAM FILES\COMMON FILES\Totem Shared
C:\WINDOWS\TEMP\Adware
C:\Documents and Settings\BGreiner\Favorites\Casino & Carrers
C:\Documents and Settings\BGreiner\Local Settings\Temp\6arab4.html
C:\Program Files\Kazaa\
C:\Program Files\KaZaA Lite\
C:\WINDOWS\Temp\brilliant\
C:\xz.bat


Once done:
  • Clean out temporary files:
  • Click Start -> Run and type in: cleanmgr
  • Click "Ok".
  • Let it scan your system.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Then post a fresh HijackThis log. :tazz: