Winfixer, trojanspy.Agent.hn, Spyware.Virtumonde



#1
DarkOracle25 (New Member, 3 posts)

Ok, I've run all the spyware programs. Here are the scan results:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:29:50 PM, 10/30/2005
+ Report-Checksum: 941CD87D

+ Scan result:

C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UWH53J3Z\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\__delete_on_reboot__nd2fnbar.dll -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\0006985A -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\0F76EB46 -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\files.ini -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\settings.dat -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\settings.htm -> Spyware.Need2Find : Cleaned with backup
C:\WINDOWS\AppPatch\tcpcat.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\pmnno.dll -> TrojanDownloader.ConHook.k : Cleaned with backup
C:\WINDOWS\system32\sstqq.dll -> TrojanSpy.Agent.hn : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:58:06 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\tcpcat.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [wiavideo] C:\WINDOWS\System32\wiavideo.exe
O4 - HKCU\..\Run: [lfdgn13n] C:\WINDOWS\System32\lfdgn13n.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130713380359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
O20 - Winlogon Notify: tcpcat - C:\WINDOWS\AppPatch\tcpcat.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
#2
brendandonhue (Member, 180 posts)

Edited: if you want to help people remove malware from their computers, then please join Geeku http://www.geekstogo...?showtopic=4817

Edited by therock247uk, 30 October 2005 - 07:12 PM.


#3
Danny (Visiting Staff, 684 posts)

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply, as well as a new HijackThis log.
Danny :tazz:

#4
DarkOracle25 (Topic Starter, New Member, 3 posts)

Sorry it took so long... I go out of town during the week. Here are the codes.


********
10:32 AM: | Start of Session, Friday, November 04, 2005 |
10:32 AM: Spy Sweeper started
10:32 AM: Sweep initiated using definitions version 564
10:32 AM: Starting Memory Sweep
10:34 AM: Found Adware: virtumonde
10:34 AM: Detected running threat: C:\WINDOWS\AppPatch\tcpcat.dll (ID = 77)
10:43 AM: Memory Sweep Complete, Elapsed Time: 00:10:42
10:43 AM: Starting Registry Sweep
10:44 AM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749140)
10:44 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
10:44 AM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749166)
10:44 AM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\ (1 subtraces) (ID = 749172)
10:44 AM: Found Trojan Horse: trojan-downloader-conhook
10:44 AM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
10:44 AM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
10:44 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
10:44 AM: Registry Sweep Complete, Elapsed Time:00:00:54
10:44 AM: Starting Cookie Sweep
10:44 AM: Found Spy Cookie: websponsors cookie
10:44 AM: owner@a.websponsors[2].txt (ID = 3665)
10:44 AM: Found Spy Cookie: about cookie
10:44 AM: owner@about[2].txt (ID = 2037)
10:44 AM: Found Spy Cookie: yieldmanager cookie
10:44 AM: owner@ad.yieldmanager[1].txt (ID = 3751)
10:44 AM: Found Spy Cookie: adecn cookie
10:44 AM: owner@adecn[2].txt (ID = 2063)
10:44 AM: Found Spy Cookie: adknowledge cookie
10:44 AM: owner@adknowledge[2].txt (ID = 2072)
10:44 AM: Found Spy Cookie: adlegend cookie
10:44 AM: owner@adlegend[1].txt (ID = 2074)
10:44 AM: Found Spy Cookie: adrevolver cookie
10:44 AM: owner@adrevolver[2].txt (ID = 2088)
10:44 AM: owner@adrevolver[3].txt (ID = 2088)
10:44 AM: Found Spy Cookie: cc214142 cookie
10:44 AM: owner@ads.cc214142[2].txt (ID = 2367)
10:44 AM: Found Spy Cookie: pointroll cookie
10:44 AM: owner@ads.pointroll[1].txt (ID = 3148)
10:44 AM: Found Spy Cookie: adultfriendfinder cookie
10:44 AM: owner@adultfriendfinder[2].txt (ID = 2165)
10:44 AM: Found Spy Cookie: ask cookie
10:44 AM: owner@ask[2].txt (ID = 2245)
10:44 AM: Found Spy Cookie: belnk cookie
10:44 AM: owner@ath.belnk[2].txt (ID = 2293)
10:44 AM: Found Spy Cookie: atwola cookie
10:44 AM: owner@atwola[1].txt (ID = 2255)
10:44 AM: Found Spy Cookie: azjmp cookie
10:44 AM: owner@azjmp[1].txt (ID = 2270)
10:44 AM: Found Spy Cookie: banner cookie
10:44 AM: owner@banner[1].txt (ID = 2276)
10:44 AM: owner@belnk[2].txt (ID = 2292)
10:44 AM: Found Spy Cookie: bizrate cookie
10:44 AM: owner@bizrate[1].txt (ID = 2308)
10:44 AM: Found Spy Cookie: bluestreak cookie
10:44 AM: owner@bluestreak[2].txt (ID = 2314)
10:44 AM: Found Spy Cookie: casalemedia cookie
10:44 AM: owner@casalemedia[2].txt (ID = 2354)
10:44 AM: Found Spy Cookie: centrport net cookie
10:44 AM: owner@centrport[1].txt (ID = 2374)
10:44 AM: Found Spy Cookie: commission junction cookie
10:44 AM: owner@cj[1].txt (ID = 2453)
10:44 AM: Found Spy Cookie: did-it cookie
10:44 AM: owner@did-it[1].txt (ID = 2523)
10:44 AM: Found Spy Cookie: directtrack cookie
10:44 AM: owner@directtrack[1].txt (ID = 2527)
10:44 AM: owner@dist.belnk[1].txt (ID = 2293)
10:44 AM: Found Spy Cookie: empnads cookie
10:44 AM: owner@empnads[2].txt (ID = 5012)
10:44 AM: Found Spy Cookie: clickandtrack cookie
10:44 AM: owner@hits.clickandtrack[2].txt (ID = 2397)
10:44 AM: Found Spy Cookie: howstuffworks cookie
10:44 AM: owner@howstuffworks[2].txt (ID = 2805)
10:44 AM: Found Spy Cookie: mashka cookie
10:44 AM: owner@mashka[1].txt (ID = 2949)
10:44 AM: Found Spy Cookie: nextag cookie
10:44 AM: owner@nextag[2].txt (ID = 5014)
10:44 AM: owner@niteflirt.directtrack[2].txt (ID = 2528)
10:44 AM: Found Spy Cookie: passion cookie
10:44 AM: owner@passion[2].txt (ID = 3113)
10:44 AM: Found Spy Cookie: paycounter cookie
10:44 AM: owner@paycounter[1].txt (ID = 3115)
10:44 AM: Found Spy Cookie: peel network cookie
10:44 AM: owner@peel[2].txt (ID = 3127)
10:44 AM: Found Spy Cookie: questionmarket cookie
10:44 AM: owner@questionmarket[1].txt (ID = 3217)
10:44 AM: Found Spy Cookie: realmedia cookie
10:44 AM: owner@realmedia[2].txt (ID = 3235)
10:44 AM: Found Spy Cookie: reunion cookie
10:44 AM: owner@reunion[1].txt (ID = 3255)
10:44 AM: Found Spy Cookie: tvguide cookie
10:44 AM: owner@rsi.tvguide[1].txt (ID = 3600)
10:44 AM: owner@sdc.tvguide[1].txt (ID = 3600)
10:44 AM: Found Spy Cookie: serving-sys cookie
10:44 AM: owner@serving-sys[1].txt (ID = 3343)
10:44 AM: Found Spy Cookie: dealtime cookie
10:44 AM: owner@stat.dealtime[2].txt (ID = 2506)
10:44 AM: Found Spy Cookie: reliablestats cookie
10:44 AM: owner@stats1.reliablestats[1].txt (ID = 3254)
10:44 AM: Found Spy Cookie: tradedoubler cookie
10:44 AM: owner@tradedoubler[1].txt (ID = 3575)
10:44 AM: Found Spy Cookie: trafficmp cookie
10:44 AM: owner@trafficmp[2].txt (ID = 3581)
10:44 AM: owner@tvguide[2].txt (ID = 3599)
10:44 AM: Found Spy Cookie: adminder cookie
10:44 AM: owner@www.adminder[2].txt (ID = 2079)
10:44 AM: Found Spy Cookie: clickxchange adware cookie
10:44 AM: owner@www.clickxchange[1].txt (ID = 2409)
10:44 AM: Found Spy Cookie: eroticy cookie
10:44 AM: owner@www.eroticy[1].txt (ID = 2624)
10:44 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
10:44 AM: Starting File Sweep
10:47 AM: Found Adware: lopdotcom
10:47 AM: epurcmainver05.dll (ID = 111426)
10:59 AM: comver.dll (ID = 111424)
11:10 AM: Warning: Failed to read file "c:\program files\online services\aol80ca\comp01.000". System Error. Code: 8.
Not enough storage is available to process this command
11:10 AM: Warning: Failed to read file "c:\program files\online services\aol90us\comp01.000". System Error. Code: 8.
Not enough storage is available to process this command
11:10 AM: Warning: Failed to read file "c:\program files\online services\aol90us\comp02.000". System Error. Code: 8.
Not enough storage is available to process this command
11:17 AM: Warning: Failed to read file "c:\documents and settings\owner\desktop\sonic.exe". System Error. Code: 8.
Not enough storage is available to process this command
11:19 AM: Found Trojan Horse: gloogle downloader
11:19 AM: counter.inf (ID = 61782)
11:19 AM: Found Adware: gain-supported software
11:19 AM: bundle.inf (ID = 61287)
11:21 AM: File Sweep Complete, Elapsed Time: 00:36:55
11:21 AM: Full Sweep has completed. Elapsed time 00:48:52
11:21 AM: Traces Found: 91
11:28 AM: Removal process initiated
11:28 AM: Quarantining All Traces: lopdotcom
11:28 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine lopdotcom
11:29 AM: Failed to quarantine epurcmainver05.dll
11:29 AM: Failed to quarantine comver.dll
11:29 AM: Quarantining All Traces: gain-supported software
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine gain-supported software
11:29 AM: Failed to quarantine bundle.inf
11:29 AM: Quarantining All Traces: gloogle downloader
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine gloogle downloader
11:29 AM: Failed to quarantine counter.inf
11:29 AM: Quarantining All Traces: trojan-downloader-conhook
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine trojan-downloader-conhook
11:29 AM: Failed to quarantine HKLM: software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\
11:29 AM: Failed to quarantine clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\
11:29 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\
11:29 AM: Quarantining All Traces: virtumonde
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine virtumonde
11:29 AM: Failed to quarantine clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\
11:29 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\
11:29 AM: Failed to quarantine HKLM: software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\
11:29 AM: Failed to quarantine HKLM: software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\
11:29 AM: Failed to quarantine C:\WINDOWS\AppPatch\tcpcat.dll
11:29 AM: Quarantining All Traces: about cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine about cookie
11:29 AM: Failed to quarantine owner@about[2].txt
11:29 AM: Quarantining All Traces: adecn cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adecn cookie
11:29 AM: Failed to quarantine owner@adecn[2].txt
11:29 AM: Quarantining All Traces: adknowledge cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adknowledge cookie
11:29 AM: Failed to quarantine owner@adknowledge[2].txt
11:29 AM: Quarantining All Traces: adlegend cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adlegend cookie
11:29 AM: Failed to quarantine owner@adlegend[1].txt
11:29 AM: Quarantining All Traces: adminder cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adminder cookie
11:29 AM: Failed to quarantine owner@www.adminder[2].txt
11:29 AM: Quarantining All Traces: adrevolver cookie
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adrevolver cookie
11:29 AM: Failed to quarantine owner@adrevolver[2].txt
11:29 AM: Failed to quarantine owner@adrevolver[3].txt
11:29 AM: Quarantining All Traces: adultfriendfinder cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine adultfriendfinder cookie
11:29 AM: Failed to quarantine owner@adultfriendfinder[2].txt
11:29 AM: Quarantining All Traces: ask cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine ask cookie
11:29 AM: Failed to quarantine owner@ask[2].txt
11:29 AM: Quarantining All Traces: atwola cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine atwola cookie
11:29 AM: Failed to quarantine owner@atwola[1].txt
11:29 AM: Quarantining All Traces: azjmp cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine azjmp cookie
11:29 AM: Failed to quarantine owner@azjmp[1].txt
11:29 AM: Quarantining All Traces: banner cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine banner cookie
11:29 AM: Failed to quarantine owner@banner[1].txt
11:29 AM: Quarantining All Traces: belnk cookie
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine belnk cookie
11:29 AM: Failed to quarantine owner@ath.belnk[2].txt
11:29 AM: Failed to quarantine owner@belnk[2].txt
11:29 AM: Failed to quarantine owner@dist.belnk[1].txt
11:29 AM: Quarantining All Traces: bizrate cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine bizrate cookie
11:29 AM: Failed to quarantine owner@bizrate[1].txt
11:29 AM: Quarantining All Traces: bluestreak cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine bluestreak cookie
11:29 AM: Failed to quarantine owner@bluestreak[2].txt
11:29 AM: Quarantining All Traces: casalemedia cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine casalemedia cookie
11:29 AM: Failed to quarantine owner@casalemedia[2].txt
11:29 AM: Quarantining All Traces: cc214142 cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine cc214142 cookie
11:29 AM: Failed to quarantine owner@ads.cc214142[2].txt
11:29 AM: Quarantining All Traces: centrport net cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine centrport net cookie
11:29 AM: Failed to quarantine owner@centrport[1].txt
11:29 AM: Quarantining All Traces: clickandtrack cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine clickandtrack cookie
11:29 AM: Failed to quarantine owner@hits.clickandtrack[2].txt
11:29 AM: Quarantining All Traces: clickxchange adware cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine clickxchange adware cookie
11:29 AM: Failed to quarantine owner@www.clickxchange[1].txt
11:29 AM: Quarantining All Traces: commission junction cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine commission junction cookie
11:29 AM: Failed to quarantine owner@cj[1].txt
11:29 AM: Quarantining All Traces: dealtime cookie
11:29 AM: Warning: Out of memory
11:29 AM: Failed to quarantine dealtime cookie
11:29 AM: Failed to quarantine owner@stat.dealtime[2].txt
11:29 AM: Quarantining All Traces: did-it cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine did-it cookie
11:29 AM: Failed to quarantine owner@did-it[1].txt
11:29 AM: Quarantining All Traces: directtrack cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine directtrack cookie
11:29 AM: Failed to quarantine owner@directtrack[1].txt
11:29 AM: Failed to quarantine owner@niteflirt.directtrack[2].txt
11:29 AM: Quarantining All Traces: empnads cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine empnads cookie
11:29 AM: Failed to quarantine owner@empnads[2].txt
11:29 AM: Quarantining All Traces: eroticy cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine eroticy cookie
11:29 AM: Failed to quarantine owner@www.eroticy[1].txt
11:29 AM: Quarantining All Traces: howstuffworks cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine howstuffworks cookie
11:29 AM: Failed to quarantine owner@howstuffworks[2].txt
11:29 AM: Quarantining All Traces: mashka cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine mashka cookie
11:29 AM: Failed to quarantine owner@mashka[1].txt
11:29 AM: Quarantining All Traces: nextag cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine nextag cookie
11:29 AM: Failed to quarantine owner@nextag[2].txt
11:29 AM: Quarantining All Traces: passion cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine passion cookie
11:29 AM: Failed to quarantine owner@passion[2].txt
11:29 AM: Quarantining All Traces: paycounter cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine paycounter cookie
11:29 AM: Failed to quarantine owner@paycounter[1].txt
11:29 AM: Quarantining All Traces: peel network cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine peel network cookie
11:29 AM: Failed to quarantine owner@peel[2].txt
11:29 AM: Quarantining All Traces: pointroll cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine pointroll cookie
11:29 AM: Failed to quarantine owner@ads.pointroll[1].txt
11:29 AM: Quarantining All Traces: questionmarket cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine questionmarket cookie
11:29 AM: Failed to quarantine owner@questionmarket[1].txt
11:29 AM: Quarantining All Traces: realmedia cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine realmedia cookie
11:29 AM: Failed to quarantine owner@realmedia[2].txt
11:29 AM: Quarantining All Traces: reliablestats cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine reliablestats cookie
11:29 AM: Failed to quarantine owner@stats1.reliablestats[1].txt
11:29 AM: Quarantining All Traces: reunion cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine reunion cookie
11:29 AM: Failed to quarantine owner@reunion[1].txt
11:29 AM: Quarantining All Traces: serving-sys cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine serving-sys cookie
11:29 AM: Failed to quarantine owner@serving-sys[1].txt
11:29 AM: Quarantining All Traces: tradedoubler cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine tradedoubler cookie
11:29 AM: Failed to quarantine owner@tradedoubler[1].txt
11:29 AM: Quarantining All Traces: trafficmp cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine trafficmp cookie
11:29 AM: Failed to quarantine owner@trafficmp[2].txt
11:29 AM: Quarantining All Traces: tvguide cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine tvguide cookie
11:29 AM: Failed to quarantine owner@rsi.tvguide[1].txt
11:29 AM: Failed to quarantine owner@sdc.tvguide[1].txt
11:29 AM: Failed to quarantine owner@tvguide[2].txt
11:29 AM: Quarantining All Traces: websponsors cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine websponsors cookie
11:29 AM: Failed to quarantine owner@a.websponsors[2].txt
11:29 AM: Quarantining All Traces: yieldmanager cookie
11:29 AM: Warning: lzma: LZMA_Init failed
11:29 AM: Failed to quarantine yieldmanager cookie
11:29 AM: Failed to quarantine owner@ad.yieldmanager[1].txt
11:29 AM: Warning: Timed out waiting for explorer.exe
11:29 AM: Warning: Launched explorer.exe
11:29 AM: Warning: Quarantine process could not restart Explorer.
11:29 AM: Warning: Thread Error: The handle is invalid (6)
11:29 AM: Warning: Thread Error: The handle is invalid (6)
11:30 AM: Removal process completed. Elapsed time 00:02:23
********
10:29 AM: | Start of Session, Friday, November 04, 2005 |
10:29 AM: Spy Sweeper started
10:31 AM: Your spyware definitions have been updated.
10:31 AM: Your definitions are up to date.
10:31 AM: Updating spyware definitions
10:31 AM: Your definitions are up to date.
10:31 AM: Updating spyware definitions
10:31 AM: Your definitions are up to date.
10:32 AM: | End of Session, Friday, November 04, 2005 |


Logfile of HijackThis v1.99.1
Scan saved at 12:16:59 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [wiavideo] C:\WINDOWS\System32\wiavideo.exe
O4 - HKCU\..\Run: [lfdgn13n] C:\WINDOWS\System32\lfdgn13n.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130713380359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
O20 - Winlogon Notify: tcpcat - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5
DarkOracle25 (Topic Starter)
If anyone out there knows anything about this I would appreciate the help. I'm afraid that if I see these popups anymore... I might pull the rest of my hair out. Now I don't want to have to do that. That's just senseless. So please please please help me. :tazz:

#6
Danny (Visiting Staff)
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\system32\sstqq.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:


  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\system32\qqtss.*
  • Press Enter to continue with the fix.
  • The fix will run, then HijackThis will open; if it does not open automatically, please open it manually.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqq.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)
    O4 - HKCU\..\Run: [wiavideo] C:\WINDOWS\System32\wiavideo.exe
    O4 - HKCU\..\Run: [lfdgn13n] C:\WINDOWS\System32\lfdgn13n.exe
    O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
    O20 - Winlogon Notify: tcpcat - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)

  • After you have fixed these items, close HijackThis.
  • Press Enter to exit the program, then manually reboot your computer.
  • Once your machine reboots, please continue with the instructions below.

Download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Next, please enable viewing of hidden files as follows:

1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked
Locate the following files, and delete them:

C:\WINDOWS\System32\wiavideo.exe
C:\WINDOWS\System32\lfdgn13n.exe

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here, along with a new HijackThis log and the vundofix.txt file from the VundoFix folder, into this topic.

Danny :tazz:
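As an added example (not part of this thread, and not code from the VundoFix or HijackThis tools), here is a small Python parser run over a few O2/O20 lines copied from the HijackThis log above. It reports modules registered both as a BHO and as a Winlogon Notify package, which is the pairing that the fix list above removes for sstqq.dll and tcpcat.dll, and derives the reversed-name second path that VundoFix asks for (sstqq.dll to qqtss.*) on the assumption that the pair given in the post generalizes.

```python
import re

# Constructed sample: O2/O20 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sstqq - C:\WINDOWS\SYSTEM32\sstqq.dll
O20 - Winlogon Notify: tcpcat - C:\WINDOWS\AppPatch\tcpcat.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Layouts of the two HijackThis sections in the fix list above:
#   O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
#   O20 - Winlogon Notify: <key> - <path>[ (file missing)]
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

def parse_hjt(text):
    """Return (section, name, path) tuples for every O2 and O20 line."""
    entries = []
    for line in text.splitlines():
        m = O2_RE.match(line) or O20_RE.match(line)
        if m:
            entries.append((line.split(" ", 1)[0], m["name"], m["path"]))
    return entries

def clean_path(path):
    """Drop the trailing '(file missing)' note HijackThis adds to dead entries."""
    return path.replace(" (file missing)", "")

def dll_basename(path):
    """Lower-cased file name of a registry-referenced module."""
    return clean_path(path).rsplit("\\", 1)[-1].lower()

def cross_reference(entries):
    """DLLs registered both as a BHO (O2, loaded by Internet Explorer) and as a
    Winlogon Notify package (O20, loaded by winlogon.exe): the pairing that the
    post's fix list removes for sstqq.dll and tcpcat.dll."""
    bhos = {dll_basename(p) for s, _n, p in entries if s == "O2" and p != "(no file)"}
    notify = {dll_basename(p) for s, _n, p in entries if s == "O20" and p != "(no file)"}
    return sorted(bhos & notify)

def reversed_companion(path):
    """Second VundoFix path for a flagged DLL: same folder, file stem reversed, any
    extension (sstqq.dll -> qqtss.*). Assumption: the pair in the post generalizes."""
    folder, _, filename = clean_path(path).rpartition("\\")
    return folder + "\\" + filename.rsplit(".", 1)[0][::-1] + ".*"

if __name__ == "__main__":
    paths = {dll_basename(p): clean_path(p) for _s, _n, p in parse_hjt(SAMPLE_LOG)}
    for dll in cross_reference(parse_hjt(SAMPLE_LOG)):
        print(f"{dll}: fix O2 and O20; VundoFix paths {paths[dll]} and {reversed_companion(paths[dll])}")
```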