Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan alert, Freepod.com [RESOLVED]

Started by singer1993 , Oct 01 2005 09:05 PM

  • This topic is locked This topic is locked

#1
singer1993
Posted 01 October 2005 - 09:05 PM

singer1993

    New Member

  • Member
  • Pip
  • 3 posts
I originally came here for help with a startup process--one of my kids clicked on a link sent by a "friend", and now when any users log in, a small pop-up window appears titled "Powered by freepod.com" and says "your content is downloading".
Firefox opens to the following page:
http://www.007guard....ilename=4&page=
2&caption=4&text=4&optin=&optout=http://www.007guard.com/freeaccess/
optout.php&aff=3160&ext=1

Windows Media Player then opens and plays a couple of minutes of [bleep].

I followed all the instructions for first-timers (Cleanup, AdAware, TrojanHunter, etc.), and all went well until after a restart after a TrojanHunter scan. The Freepod problem re-occurred, and a Trojan alert came up with this in the window: TrojanDropper.Tesys.100

I cleaned what it found (a couple of times, and restarted), and this is what it said after the clean:

Unable to get a handle to process 2184 (C:\Program Files\Common Files\mc-62-602-0000156.exe)
Unable to rename file C:\Program Files\Common Files\mc-62-602-0000156.exe (The process cannot access the file because it is being used by another process). Scheduling file to be renamed on reboot
Trojan cleaning finished.

Here is the Hijack file log:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:40 PM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\lockx.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mmjb.musicmat...ANG=ENU&Grant=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rhbogwjt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [oqcwjtp] c:\windows\system32\umajoy.exe
O4 - HKLM\..\Run: [strtas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-62-602-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-62-602-0000156.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {9DF2D8EF-B05D-4C2F-8C0D-925624146983} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D430D251-C811-4CAD-8D4A-7E9DEAF6708D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {E50E869F-5F0D-461A-AC03-2C1B4F78D545} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://dc2.d127.org/kxhcm10.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.c...et/applet_o.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hope I've done everything I was supposed to so far--thanks so much for any assistance you can offer.
Cindy (singer1993)
  • 0

Advertisements

#2
P3-450
Posted 03 October 2005 - 08:40 AM

P3-450

    Visiting Staff

  • Member
  • PipPipPip
  • 242 posts
Hello singer1993, welcome to G2G :tazz:

First let's do the below

Please go here and click on Scan Now, its Free

Select your country.

Then click on Start Free Scan Now and do a Virus scan.

==============

Now download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

=============


Reboot and post back a new Hijackthis log and the report from Ewido :)

Edited by P3-450, 03 October 2005 - 08:41 AM.

  • 0

#3
singer1993
Posted 07 October 2005 - 08:43 PM

singer1993

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks *so much* for your help--what an invaluable website.

Thankfully, Freepod.com no longer comes up at startup (and the p*rn file that came with it, it was from an AIM link that got sent to my daughter), but there is still something here that is very persistent.

Here is the ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:14:48 PM, 10/7/2005
+ Report-Checksum: 513266E2

+ Scan result:

HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historycompare_item -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-2658524170-1420592788-619799861-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\DownloadWare -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\dsktb\DesktopToolbar -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Hopper -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config\button0 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config\button1 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config\button2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config\button3 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\Config\KeyWordFreqCap -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Spyware.WebRebates : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607D-D204-42C7-8E46-216055BF9918} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} -> Spyware.SmartPops : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Pynix -> Spyware.MediaMotor : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\salm -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1009\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-2658524170-1420592788-619799861-1010\Software\DNS -> Adware.Shorty : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Conor\Application Data\Mozilla\Firefox\Profiles\tjk6pr73.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Meghan\Application Data\Mozilla\Firefox\Profiles\4gg7v8a7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\meghan@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\meghan@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\meghan@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\meghan@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Meghan\Cookies\meghan@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Michael\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Michael\Start Menu\Programs\Power Scan\Power Scan.lnk -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\__delete_on_reboot__services.exe -> Spyware.Maxifiles : Cleaned with backup


::Report End

Here is the HIjack report after I finished everything:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:51 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mmjb.musicmat...ANG=ENU&Grant=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rhbogwjt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [oqcwjtp] c:\windows\system32\umajoy.exe
O4 - HKLM\..\Run: [strtas] lockx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-99-829-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-99-829-0000156.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {9DF2D8EF-B05D-4C2F-8C0D-925624146983} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D430D251-C811-4CAD-8D4A-7E9DEAF6708D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {E50E869F-5F0D-461A-AC03-2C1B4F78D545} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://dc2.d127.org/kxhcm10.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.c...et/applet_o.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


After I rebooted, this is what came up at startup (alert thru TrojanHunter):

Terminated trojan process 3468 (C:\Program Files\Common Files\mc-99-829-0000156.exe)

Trying filename C:\Program Files\Common Files\mc-99-829-0000156.exe4256.tcf
Unable to rename file C:\Program Files\Common Files\mc-99-829-0000156.exe (The process cannot access the file because it is being used by another process). Scheduling file to be renamed on reboot
Trojan cleaning finished.


Thanks again for your time, it is greatly appreciated.

singer1993
  • 0

#4
P3-450
Posted 08 October 2005 - 03:48 PM

P3-450

    Visiting Staff

  • Member
  • PipPipPip
  • 242 posts
Hello

===============

Download the Adware.Istbar removal utility from Symantec and following the instructions on the same page.

===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u freeprod.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)

O4 - HKLM\..\Run: [OSS] C:\WINDOWS\System32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rhbogwjt.exe
O4 - HKLM\..\Run: [oqcwjtp] c:\windows\system32\umajoy.exe
O4 - HKLM\..\Run: [strtas] lockx.exe
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-99-829-0000156.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-99-829-0000156.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\Program Files\FREEPR~1
C:\Program Files\ISTsvc


files...

C:\WINDOWS\System32\ossproxy.exe
c:\windows\system32\umajoy.exe
C:\WINDOWS\system32\svphost.exe
C:\Program Files\Common Files\Windows\mc-99-829-0000156.exe
C:\Program Files\Common Files\mc-99-829-0000156.exe

Search for...

lockx.exe
scvvhost.exe Please type this correctly as there is a legit file with a similar name (svchost.exe)

...using "Start | Search...".

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============



Reboot back into normal mode and post back a fresh Hijackthis log :tazz:
  • 0

#5
singer1993
Posted 10 October 2005 - 08:14 PM

singer1993

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here is the latest Hijackthis log after all instructions were followed:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:13 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mmjb.musicmat...ANG=ENU&Grant=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {9DF2D8EF-B05D-4C2F-8C0D-925624146983} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {D430D251-C811-4CAD-8D4A-7E9DEAF6708D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {E50E869F-5F0D-461A-AC03-2C1B4F78D545} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://dc2.d127.org/kxhcm10.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.c...et/applet_o.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks, and hopefully this looks clean now--

singer1993
  • 0

#6
P3-450
Posted 10 October 2005 - 08:54 PM

P3-450

    Visiting Staff

  • Member
  • PipPipPip
  • 242 posts
Congrats, Your log is now clean :tazz:

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#7
P3-450
Posted 17 October 2005 - 08:39 AM

P3-450

    Visiting Staff

  • Member
  • PipPipPip
  • 242 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP