Winfixer Issues



#1
VVRayaVV

I have a lot of problems on my PC and I need help. Here are logs from ewido & HijackThis.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:40:50 AM, 10/1/2005
+ Report-Checksum: CA328BEA

+ Scan result:

[1112] C:\WINNT\System32\tjokxmz.exe -> Trojan.Agent.cp : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\ao3rfgq5.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\19051856.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\19051889.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76003203.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76005296.asw -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76005875.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76006421.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76006500.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76007453.asw -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\76008625.asw -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002844.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002868.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002932.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002941.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002957.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002958.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002959.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002974.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0002975.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003019.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003039.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003108.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003109.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003189.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003190.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003219.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003220.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003263.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003264.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003335.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003340.dll -> Spyware.MBKWBar : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003353.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003434.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003435.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003472.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003479.dll -> Spyware.NoName : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003480.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003488.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003495.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP6\A0003512.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0003515.exe -> Spyware.NoName : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0003524.exe -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0003528.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0003529.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004488.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004512.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004578.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004654.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004717.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004754.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004764.dll -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004765.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\System Volume Information\_restore{14777EC5-8DD8-4F5E-8CCA-9D8D102AA20D}\RP7\A0004779.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.4\epx30102.exe -> TrojanDownloader.Lastad.n : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.6\EPXActiveX.ocx -> TrojanDropper.Agent.or : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.7\EPXActiveX.ocx -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINNT\Downloaded Program Files\SAActiveX.ocx/VVSN.exe -> Adware.SaveNow : Error during cleaning
C:\WINNT\Downloaded Program Files\SAActiveX.ocx/VVSN.exe -> Adware.SaveNow : Error during cleaning
C:\WINNT\Downloaded Program Files\ss.exe -> Adware.SaveNow : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWFX5RS_0001_0808NetInstaller.exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\WINNT\pconoh.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\actqbxq.exe -> TrojanDownloader.Lastad.i : Cleaned with backup
C:\WINNT\system32\actqbxqndw301lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\epx30103.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\epx30106.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINNT\system32\nsse.exe -> TrojanDownloader.Lastad.n : Cleaned with backup
C:\WINNT\system32\nssendw30102lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\qhiaqwi.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINNT\system32\qhiaqwiaeg05.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\spsndw30101lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\sstts.dll -> Trojan.Crypt.o : Cleaned with backup
C:\WINNT\system32\usqg.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\system32\usqgndw30103lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINNT\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End



HIJACK THIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 1:04:54 AM, on 10/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\110860~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINNT\ehome\ehSched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\PROGRA~1\COMMON~1\AOL\110860~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINNT\System32\ptjsgc.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\ehome\ehmsas.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2sea...sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINNT\System32\WinStat13.dll
O2 - BHO: (no name) - {35C49AC0-F67C-54F7-13F1-A4A5B28A6677} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\System32\sstts.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AKHelper.HelperBHO - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {31D2D296-5547-4124-F67E-E0FCD9EAF25D} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ad Blocker Pro Toolbar - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - C:\Program Files\3B Software\3B Ad Blocker Pro\AKToolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1108602343\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINNT\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdBlocker] C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ewvbzf] C:\WINNT\System32\ptjsgc.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://216.203.124.2...ages/DMWebX.ocx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.a...77/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124404214781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.a...,18/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O20 - Winlogon Notify: sstts - C:\WINNT\System32\sstts.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0



#2
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
You have a lot of nasty infections, and we'll start to clean the first one!

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:

    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINNT\System32\sstts.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINNT\System32\sttss.*
    This will be the Vundo filename spelt backwards. For example, if the Vundo DLL was vundo.dll, you would have the user enter odnuv.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\System32\sstts.dll
    O20 - Winlogon Notify: sstts - C:\WINNT\System32\sstts.dll
  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the VundoFix folder into this topic.

Edited by didom, 01 October 2005 - 01:27 PM.

  • 0
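An added triage example, not part of the thread and not VundoFix's own code: it parses HijackThis lines quoted in this thread, reports any DLL registered as both a BHO (O2) and a Winlogon Notify (O20) entry, and derives the reversed-name pattern described in post #2. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log and the fix list quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\System32\sstts.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ewvbzf] C:\WINNT\System32\ptjsgc.exe r
O20 - Winlogon Notify: sstts - C:\WINNT\System32\sstts.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
"""

# "O<n> - <kind>: <rest>"; for O2 and O20 lines <rest> ends with " - <file path>".
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_entries(log_text):
    """Yield (section, kind, path) for O2 and O20 lines only."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in ("O2", "O20"):
            continue
        path = m.group(3).rsplit(" - ", 1)[-1].strip()
        yield m.group(1), m.group(2), path


def shared_bho_notify_dlls(log_text):
    """Return paths registered both as a BHO (O2) and a Winlogon Notify (O20)."""
    seen, original = defaultdict(set), {}
    for section, _kind, path in parse_entries(log_text):
        key = path.lower()  # Windows paths are case-insensitive
        seen[key].add(section)
        original.setdefault(key, path)
    return sorted(original[k] for k, s in seen.items() if s == {"O2", "O20"})


def companion_pattern(dll_path):
    """Second VundoFix path: the DLL's base name reversed, any extension."""
    directory, _, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{directory}\\{stem[::-1]}.*"


if __name__ == "__main__":
    for dll in shared_bho_notify_dlls(SAMPLE_LOG):
        print(dll, "->", companion_pattern(dll))
```

Because the result depends entirely on the log it is given, it has to be run against the most recent HijackThis log, not an older one.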

#3
VVRayaVV

VVRayaVV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
When I did all that you said on VundoFix, it says that both these file names don't exist. Please advise.
  • 0

#4
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please post a fresh HijackThis log!
  • 0





