
Skymasters.biz hijacker [CLOSED]



#1
BauerDude212

Hello. This is my first time here and I would like you to remove a browser hijacker I have.

Every so often (3-4 times an hour) a popup in italian pops up. After clicking Ok (only option), it resets my homepage to skymasters.biz and makes my browser open a new window (usually pornographic). My browser opens new windows (usually with adult content) about once every 20 minutes, unprompted.

I have posted a log of HiJack This to assist you in finding the cause of my problems.

Thank you in advance. Great website you have running!!

-Ryan



Logfile of HijackThis v1.99.1
Scan saved at 04:27:32 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Archive\archive.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ryan Rocha\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\system32\prflbmsgp32.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {43D54616-256C-43A4-AC5C-35193CE5ADB6} - C:\WINDOWS\System32\dbfjpa.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: C:\WINDOWS\q4362578_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q4362578_disk.dll
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [msc] C:\Documents and Settings\Ryan Rocha\Desktop\AIM\bluedeath\bluedeath\
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\fjqcycd.exe
O4 - HKLM\..\Run: [oankvz] C:\WINDOWS\system32\khutld.exe
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Ryan Rocha\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Ryan Rocha\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [IMHider] C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\Temporary Directory 3 for IMHider.zip\IMHider
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\smartprotectorpro.exe" /stealt
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: BroadBand Connection.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: RapidShare-Download - res://C:\Documents and Settings\Ryan Rocha\Desktop\rapidshare\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://mrsupergames....msg-toolbar.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4062AB0-005B-4F91-AAE5-F31C7165861B}: NameServer = 151.198.0.39 151.197.0.39
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q3679484_disk.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q4362578_disk.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#2
andydf

Hello BauerDude212
Welcome to Geeks to go

I would like to run an automated scan to help in this cleanup.
Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, reboot into Safe Mode: restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Open spysweeper and click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
If you would please, rescan with HijackThis and post a fresh log along with the spysweeper log in this same topic, and let us know how your system's working. :)

Andy :tazz:

Edited by andydf, 20 October 2005 - 01:32 PM.


#3
BauerDude212

Thanks for taking the topic! I ran your ewido scan, but sadly my skymasters.biz hijacker is still here. Same symptoms as my original post. I provided a scan of HiJackThis and Ewido Security Suite so you can see where to go from now. Thanks again.

-BD212

EDIT: You changed the program I should use? Okay, I'll get that scan going and have the results here ASAP


Logfile of HijackThis v1.99.1
Scan saved at 12:14:44 AM, on 10/14/2005 (Note:Time Not Correct)
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Ryan Rocha\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\system32\prflbmsgp32.dll (file missing)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {43D54616-256C-43A4-AC5C-35193CE5ADB6} - C:\WINDOWS\System32\dbfjpa.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: C:\WINDOWS\q4362578_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q4362578_disk.dll (file missing)
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [msc] C:\Documents and Settings\Ryan Rocha\Desktop\AIM\bluedeath\bluedeath\
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\fjqcycd.exe
O4 - HKLM\..\Run: [oankvz] C:\WINDOWS\system32\khutld.exe
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Ryan Rocha\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [vojaryb] C:\WINDOWS\vojaryb.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Ryan Rocha\Desktop\framxpro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [IMHider] C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\Temporary Directory 3 for IMHider.zip\IMHider
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\smartprotectorpro.exe" /stealt
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: BroadBand Connection.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: RapidShare-Download - res://C:\Documents and Settings\Ryan Rocha\Desktop\rapidshare\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://mrsupergames....msg-toolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4062AB0-005B-4F91-AAE5-F31C7165861B}: NameServer = 151.198.0.39 151.197.0.39
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q3679484_disk.dll (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\q4362578_disk.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe





---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:31:12 AM, 10/14/2005 (Note: Time Not Correct)
+ Report-Checksum: B0DFEDC6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned without backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned without backup
HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\HbTools -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\HbTools\PI -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\Hotbar -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ASYCFILT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/COMCAT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/MSINET.OCX\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvbvm60.dll\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEAUT32.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/STDOLE2.TLB\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned without backup
HKU\S-1-5-21-1292428093-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned without backup
HKU\S-1-5-21-1292428093-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned without backup
HKU\S-1-5-21-1292428093-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned without backup
HKU\S-1-5-21-1292428093-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D4F3-F66DA787AD2D} -> Spyware.PowerSearch : Cleaned without backup
[244] C:\WINDOWS\q3679484_disk.dll -> TrojanDownloader.Delf.wp : Cleaned without backup
[816] C:\WINDOWS\q4362578_disk.dll -> TrojanDownloader.Delf.h : Cleaned without backup
C:\Documents and Settings\Alina Rocha\Local Settings\Temp\30774.exe -> Dialer.Generic : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Ryan Rocha\Application Data\Mozilla\Firefox\Profiles\mc4m96j7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.15:C:\Documents and Settings\Ryan Rocha\Application Data\Mozilla\Firefox\Profiles\mc4m96j7.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
:mozilla.16:C:\Documents and Settings\Ryan Rocha\Application Data\Mozilla\Firefox\Profiles\mc4m96j7.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@com[2].txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@e-2dj6wfk4umdpcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@e-2dj6wjlycld5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Cookies\ryan rocha@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Desktop\idiots\SurfOffline[2].v1.4.1.27.WinALL-BLiZZARD\cracker.exe -> TrojanDownloader.IstBar.lu : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Desktop\idiots\SurfOffline[2].v1.4.1.27.WinALL-BLiZZARD.ZIP/cracker.exe -> TrojanDownloader.IstBar.lu : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Desktop\Pesci\serv.exe -> Not-A-Virus.HackTool.Tambu : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\10968.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\12688.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\13657.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\1369.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\15894.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\159.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\17280.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\18313.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\18957.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\20309.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\21609.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\23990.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\26773.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\27853.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\27894.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\2801.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\28278.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\28394.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\28621.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\32463.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\3870.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\3916.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\4087.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\605.exe -> Dialer.Generic : Cleaned without backup
C:\Documents and Settings\Ryan Rocha\Local Settings\Temp\6344.exe -> Dialer.Generic : Cleaned without backup
C:\Program Files\Alcohol Soft\Alcohol 120\Regpatch.exe -> Trojan.Small.cr : Cleaned without backup
C:\Program Files\Archive\archive.exe -> TrojanDownloader.Agent.fk : Cleaned without backup
C:\WINDOWS\adsldpbc.dll -> TrojanDownloader.Delf.lh : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\AUTO_4289_N.exe -> Dialer.Generic : Cleaned without backup
C:\WINDOWS\q247533718_disk.dll -> TrojanDownloader.Delf.h : Cleaned without backup
C:\WINDOWS\q3679484_disk.dll -> TrojanDownloader.Delf.wp : Cleaned without backup
C:\WINDOWS\q3727375_disk.dll -> TrojanDownloader.Delf.h : Cleaned without backup
C:\WINDOWS\q4362578_disk.dll -> TrojanDownloader.Delf.h : Cleaned without backup
C:\WINDOWS\system32\checkIn.dll -> Dialer.Generic : Cleaned without backup
C:\WINDOWS\system32\nsk7.tmp -> Spyware.HideOne : Cleaned without backup
C:\WINDOWS\system32\prflbmsgp32.dll -> TrojanDownloader.Delf.vt : Cleaned without backup
C:\WINDOWS\vojaryb.exe.tcf -> Spyware.180Solutions : Cleaned without backup


::Report End
  • 0

#4
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi
You must have reacted very quickly; I edited the post within 15 min of posting :)
I need you to run Spy Sweeper, as it is capable of cleaning other problems on your PC. Please follow my instructions in my previous post. :woot:

Andy :tazz:
  • 0

#5
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





