Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Wininet.dll was not found

Started by DodgyRog , Sep 16 2005 07:04 AM

  • Please log in to reply

#1
DodgyRog
Posted 16 September 2005 - 07:04 AM

DodgyRog

    Member

  • Member
  • PipPip
  • 13 posts
I've been reading through similar problems that other users have had but have been unable to decide if any of the solutions you have suggested would be appropriate as they all seem to rely on downloading stuff from the net.

I know that one of my PCs has been infected with the Bloodhound virus as I saw the notification. Then the PC started to grind to a halt with all processes taking absolutely ages. Rightly or wrongly, I rebooted and then received that well known message: This application has failed to start because WININET.DLL was not found.
I can not access Desktop or Explorer, etc. although I can run programs through the CTRL+ALT+DEL service (Taskmanager?)

The PC in question does not have a copy of Hijackthis.

Is it still possible to access the Net through the infected PC without using Explorer?

If not, I have access to the Net via my second PC and could transfer files from one to the other via CD (the A: drive is disabled on the infected PC alas) if shown how (I assume it would involve DOS prompt work).

Is it possible to transfer an unzipped copy of HijackThis onto the infected PC via CD?

All assistance and advice gratefully received. :tazz:

Rog
  • 0

Advertisements

#2
loophole
Posted 20 September 2005 - 06:19 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
DodgyRog , Sorry we missed you. Can you please tell me Exactly what you have tried and the current state of the PC

Thanks
  • 0

#3
DodgyRog
Posted 21 September 2005 - 12:58 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Loophole,

Thanks for the reply.

As to what I have tried, very little apart from trying to start the PC in Safe Mode. This comes up with the same message about WININET.DLL not being found. Ends up with a black screen and the words 'Safe Mode' in each corner.

The current state (if this is what you mean) of the PC is as follows:

I can boot up in normal mode but Explorer fails to start because of the missing dll file. I have my normal desktop wallpaper but that is all. No other icons appear. I can access the taskmanager(?) by using CTRL+ALT+DEL and run processes through that. The PC in question is primarily used for mine and my daughter's games and for music.
It is LAN'd to my other PC via a router (but I've been reluctant to open the link for fear of transferring the virus onto this PC!)

Please let me knw if there is any further information you require.

Many thanks for the help,

Regards,

Rog
  • 0

#4
loophole
Posted 22 September 2005 - 05:23 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok thru task manager click on file>>>> new task then type the below in the box

C:\WINDOWS\SYSTEM32\DLLCACHE

Inside the "DLLCACHE" folder, locate wininet.dll. Right-click on it and choose "copy" (NOT cut!).

Then go back into task manager click on file>>>> new task then type C:\WINDOWS\System32
Right-click an open space and choose "Paste".

Reboot your computer and tell me how it goes
  • 0

#5
DodgyRog
Posted 23 September 2005 - 01:24 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Followed instructions but everytime I typed in "\" I got the same message about Wininet.dll Not Found.

Using 'Browse', I went to the folder you specified but the DLLCACHE folder is not there. I have checked on my other system and it should be between 'DirectX' folder and 'Drivers' folder but on the infected system that folder is missing.

I tried using 'find.exe' but on pressing 'enter' I get a pop up screen that appears for a split second and then disappears.

Where do we go next?

Rog

Edited by DodgyRog, 23 September 2005 - 02:07 AM.

  • 0

#6
loophole
Posted 23 September 2005 - 10:55 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
You seem like you know your way around a computer. so lets look in this folder

C:\WINDOWS\ServicePackFiles\i386

and the copy and paste the wininet.dll from that folder into the

C:\windows\system32 folder

we have plenty more options to try after this if it fails and also do you have a windows Cd
  • 0

#7
DodgyRog
Posted 23 September 2005 - 12:08 PM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes loophole, I used to be a mainframe computer operator back in the days when the height of desktop technology was a PS2/70! :)
I got made redundant about a year before PC technology went thru the roof and so missed all the fancy new stuff. I know my way around a pc, inclduing a bit of DOS stuff but don't ask me what it all means!

Anyway, have tried looking in the i386 folder but WININET.DLL isn't there either. I haven't got the Windows CD to hand but I can get it in a couple of days if needed.

Also, I have tried to see if I can access either of my CD drives on the infected PC but can't seem to get the system to see them.

Thanks for your help with this. Here's hoping we can get it sorted. My daughter is hassling me to be able to play her games again! :tazz:

Rog
  • 0

#8
loophole
Posted 23 September 2005 - 12:52 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Good hopefully this will make this easier

open notepad and type the following in exactly as shown

dir %Systemdrive%\wininet.dll /a /s > files.txt
start notepad files.txt

Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files".

Save it as wininet.bat to your the root of your C:drive, for instance C:\wininet.bat

Now through task manager go file, new task then type C:\wininet.bat

this should give you the locations of all the wininet.dll files on your computer.

You will need to copy and paste one of these wininet.dll files into your system 32 folder then reboot
and let me know
  • 0

#9
DodgyRog
Posted 25 September 2005 - 04:11 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
loophole,

Hope I haven't gone too far:

Did as instructed, found wininet.dll. Rebooted. System up with access to explorer, desktop etc except my desktop background has been replaced with a black screen and a message saying:

WARNING
Your computer might be infected with adware or spyware
Click here <weblink> to get the latest spyware removal tools.

Also got the same Norton virus warning about Bloodhound.w32.EP.


I have copied and run hijackthis onto the PC. Log follows.

Cheers,

Rog



Logfile of HijackThis v1.99.1
Scan saved at 11:01:26, on 25/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NProtect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\intell32.exe
C:\Program Files\Internet Explorer\ixplore.exe
C:\Program Files\clearlybookkeeping\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rog\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialof...om/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.zpecialoffer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialof...om/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpBA23.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ixplore] "C:\Program Files\Internet Explorer\ixplore.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\clearlybookkeeping\QuickBooks\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NProtect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#10
loophole
Posted 25 September 2005 - 03:20 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK here we go

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Next


Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.


post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Thanks :tazz:
  • 0

Advertisements

#11
DodgyRog
Posted 26 September 2005 - 02:27 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Whoops!

OK Loophole, I hope I haven't screwed this up as I mis-read some of your instructions.

I downloaded LSPfix.exe, smitRep and Ewido all in one go, removed all New.Net stuff from add/remove programs and then rebooted in Safe Mode.

Ran smitRep and Ewido and created new Hijackthis log but am unable to access internet. LSPfix showed no programs in the 'remove' section but hit "Finish" instead of just closing the program.

Then, because of the misreading of instructions, I rebooted the PC in normal mode and got as far as the User Log On screen before realising I shouldn't have done this! The PC is currently at this point. Not Logged on.

If I have messed things up I am very sorry for wasting your time. Have I messed this up or can I just shutdown and restart in Safe Mode without compromising any fixes we have done?

Rog
  • 0

#12
DodgyRog
Posted 26 September 2005 - 02:28 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Whoops!

OK Loophole, I hope I haven't screwed this up as I mis-read some of your instructions.

I downloaded LSPfix.exe, smitRep and Ewido all in one go, removed all New.Net stuff from add/remove programs and then rebooted in Safe Mode.

Ran smitRep and Ewido and created new Hijackthis log but am unable to access internet. LSPfix showed no programs in the 'remove' section but hit "Finish" instead of just closing the program.

Then, because of the misreading of instructions, I rebooted the PC in normal mode and got as far as the User Log On screen before realising I shouldn't have done this! The PC is currently at this point. Not Logged on.

If I have messed things up I am very sorry for wasting your time. Have I messed this up or can I just shutdown and restart in Safe Mode without compromising any fixes we have done?

Rog
  • 0

#13
loophole
Posted 26 September 2005 - 05:16 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
So you can log into safe mode but not into normal windows ?and if you can log into safe mode can you access your cd drives?We may have to download some thing and transfer them to the infected comp.I would get an XP cd ready just incase. It doesn't have to be yours, any will do.
  • 0

#14
DodgyRog
Posted 27 September 2005 - 04:14 AM

DodgyRog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Think we may be at cross purposes here. I didn't complete the re-boot in Normal mode because you had not told me to. I thought it would be better to await instructions. as you haven't screamed at me for going to far, I have now completed the log on process and have access to the Internet. smitRem, Ewido and Hijackthis logs follow:

Rog


Logfile of HijackThis v1.99.1
Scan saved at 09:09:06, on 26/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rog\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\clearlybookkeeping\QuickBooks\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NProtect.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 07:05:36, 26/09/2005
+ Report-Checksum: 29527498

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_trickle -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_ts -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\stat -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\GInternet -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\GInternet\Proxy -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-746137067-1614895754-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\lauren@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Lauren\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\FFTJVTK8\3[1].htm/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Lauren\Local Settings\Temporary Internet Files\Content.IE5\FFTJVTK8\counter[1].jpg/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\rog@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Rog\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Rog\Local Settings\Temporary Internet Files\Content.IE5\09SPQV81\vc3_05b[1].exe -> TrojanDownloader.Zlob.aa : Cleaned with backup
C:\Documents and Settings\Rog\Local Settings\Temporary Internet Files\Content.IE5\0H6NWTU3\dba1865[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Rog\Local Settings\Temporary Internet Files\Content.IE5\ORJV28H1\alaunch[1].cab/gsda.dll -> Dialer.Generic : Cleaned with backup
C:\Program Files\Common Files\CMEII\CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GAppMgr.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GController.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GDwldEng.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GIocl.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GIoclClient.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GMTProxy.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GObjs.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GStore.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\GStoreServer.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\Gtools.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\egIEEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GUninstaller.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\iMesh\Client\DatingCity\DCInstaller.exe -> Spyware.DatingCity : Cleaned with backup
C:\Program Files\Internet Explorer\calc.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Internet Explorer\fix.exe -> TrojanDownloader.Small.ash : Cleaned with backup
C:\Program Files\Internet Explorer\ixplore.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned with backup
C:\RECYCLER\NPROTECT\00006687.dll -> Trojan.Small.ev : Cleaned with backup
C:\RECYCLER\NPROTECT\00006691.DLL -> Spyware.MyWay : Cleaned with backup
C:\RECYCLER\NPROTECT\00006693.dll -> Spyware.Neon : Cleaned with backup
C:\RECYCLER\NPROTECT\00006994.exe -> Dialer.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00006998.exe -> Dialer.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00007171.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_0_446400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_0_446500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_0_446600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_500800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_500800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_504000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_504800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_504800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_505400.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_512200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_517000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_520300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_525300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_541600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_549100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_555000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_557800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_564000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_571200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_583000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_583800.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_586700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_586900.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_590100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_597300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_611000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_613900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_615900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_616400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_616400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_626300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_629200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_629200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_629600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_629600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_630900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_631100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_631100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_631300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_631300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_632100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_632100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_1_648300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_504500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_504500.jpg -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_506300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_506500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_506700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_507000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_517000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_520500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_521900.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_522600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_528600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_532200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_573200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_583800.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_605500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_613900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_613900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_615900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_615900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_616400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_616400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_626300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_627300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_638000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_2_639300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_3_517000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_0_3_626300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_1_0_449000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_1_0_449400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_1_0_449500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_500000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_512800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_512800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_526900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_530100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_543000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_564200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_565200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_568700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_578200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_579500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_585800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_590300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_590300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_610000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_614900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_617300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_617300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_617400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_619200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_619200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_620600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_620600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_621300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_621300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_623200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_623200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_624400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_626900.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_626900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_627700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_627700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_641900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_657900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_1_681700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_543000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_578200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_579500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_584500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_584500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_587300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_609600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_619200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_619200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_620600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_620600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_621300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_621300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_623200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_623200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_626900.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_626900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_627700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_627700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_655400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_665100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_2_665100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_600400.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_600400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_600500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_600500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_617300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_3_617300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_338_2_4_539900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe -> Spyware.P2PNetworking : Cleaned with backup


::Report End



smitRem log file
version 2.5

by noahdfear

The current date is: 25/09/2005
The current time is: 23:32:16.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Online Gambling.url
online dating.url
Online Dating.url


~~~ system32 folder ~~~

intell32.exe
wppp.html
intmonp.exe
msmsgs.exe
ole32vbs.exe
msole32.exe
hp***.tmp
shnlog.exe
intmon.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

uninstIU.exe
sites.ini
popuper.exe


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :tazz:
  • 0

#15
loophole
Posted 27 September 2005 - 02:21 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
That looks alot better. Sorry for the misunderstanding. Run the smitrem tool one more time and then rescan with hijack and check any of the following lines if present

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe


Click fix checked

Now lets clean up the leftovers

Please run this online virus scan:
Panda Active Scan You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log

Thanks :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP