mediatickets25.com [RESOLVED]



#1
Brenda Williams

    New Member

Please help! I desperately need to remove some spyware/adware programs, one of which is mediatickets35.com/html. I have run every free program available - nothing is removing it. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:38:23 PM, on 11/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\DAS.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINNT\system32\lxbscoms.exe
C:\WINNT\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\My Documents\Programs_old\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrintWhere Router 2.6] C:\Program Files\PrinterOn Corporation\Internet PrintWhere 2.6\PWCCRT26.EXE
O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.inroads.org/iNotes6.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BrioPlatform1_incisive01_incisive01_1800 (BPS BrioPlatform1_incisive01_incisive01_1800) - Unknown owner - C:\Program Files\Brio\Brio8\BrioPlatform\bin\RMService8.exe
O23 - Service: BrioPlatform1_BI1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: BrioPlatform1_DAS1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: dlbt_device - Dell - C:\WINNT\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: JRun Admin Server (JRun Admin) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Admin" "admin (file missing)
O23 - Service: JRun Default Server (JRun Default) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Default" "default (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Any assistance is greatly appreciated.

#2
Buckeye_Sam

    Malware Expert

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
Brenda Williams

    New Member

I have not resolved my problem. Attached below is my "fresh" log:

Logfile of HijackThis v1.99.1
Scan saved at 4:44:01 PM, on 11/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\DAS.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINNT\system32\lxbscoms.exe
C:\WINNT\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Administrator\My Documents\Programs_old\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrintWhere Router 2.6] C:\Program Files\PrinterOn Corporation\Internet PrintWhere 2.6\PWCCRT26.EXE
O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.inroads.org/iNotes6.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BrioPlatform1_incisive01_incisive01_1800 (BPS BrioPlatform1_incisive01_incisive01_1800) - Unknown owner - C:\Program Files\Brio\Brio8\BrioPlatform\bin\RMService8.exe
O23 - Service: BrioPlatform1_BI1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: BrioPlatform1_DAS1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: dlbt_device - Dell - C:\WINNT\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: JRun Admin Server (JRun Admin) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Admin" "admin (file missing)
O23 - Service: JRun Default Server (JRun Default) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Default" "default (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

#4
Brenda Williams

    New Member

I have not been able to resolve this problem. Here is my 'fresh' log -->
Logfile of HijackThis v1.99.1
Scan saved at 4:44:01 PM, on 11/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\DAS.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINNT\system32\lxbscoms.exe
C:\WINNT\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Administrator\My Documents\Programs_old\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrintWhere Router 2.6] C:\Program Files\PrinterOn Corporation\Internet PrintWhere 2.6\PWCCRT26.EXE
O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.inroads.org/iNotes6.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BrioPlatform1_incisive01_incisive01_1800 (BPS BrioPlatform1_incisive01_incisive01_1800) - Unknown owner - C:\Program Files\Brio\Brio8\BrioPlatform\bin\RMService8.exe
O23 - Service: BrioPlatform1_BI1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: BrioPlatform1_DAS1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: dlbt_device - Dell - C:\WINNT\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: JRun Admin Server (JRun Admin) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Admin" "admin (file missing)
O23 - Service: JRun Default Server (JRun Default) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Default" "default (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

#5
Buckeye_Sam

    Malware Expert

Please download the FixMytob.exe file from: http://securityrespo...er/FixMytob.exe
Save the file to your desktop.

Disconnect from the Internet and double click on FixMytob.exe to run the tool.
Reboot your computer and then run the tool again.


Please run at least two of these online scans.
Make sure they are set to clean automatically.

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There may be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new HijackThis log and the info from your virus scans.

#6
Brenda Williams

    New Member

I finally finished running those suggestions. First I ran FixMytob.exe. Here is the log:

Symantec W32.Mytob Removal Tool 1.30.0

W32.Mytob has not been found on your computer.
This software also gave this message at the end of the scan: "Run the following: microsoft.com/technet/security/bulletin/ms04-011.mspx and
microsoft.com/technet/security/bulletin/ms03-026.mspx"
I downloaded both.

Next I ran Panda Virus Scan --> The message at the end "malicious software has been found. See saved file -->


Incident Status Location

Spyware:spyware/dyfuca No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\cfout.txt
Adware:adware/wintools No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\down.cab
Adware:adware/sidestep No disinfected C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
Adware:adware/savenow No disinfected C:\WINNT\SYSTEM32\ap2nqrd4.dat
Adware:adware/wupd No disinfected C:\WINNT\SYSTEM32\ap9h4qmo.ini
Adware:adware/sahagent No disinfected C:\WINNT\SYSTEM32\bqrufs5f.dat
Dialer:dialer.b No disinfected C:\WINNT\SYSTEM32\svcsysnet32.dll
Adware:adware/delfinmedia No disinfected C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\RemoveDisplayUtility.exe
Adware:adware/mediatickets No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.TMP\MediaTicketsInstaller.INF
Spyware:spyware/media-motor No disinfected Windows Registry
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.tmp\MediaTicketsInstaller.INF
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

#7
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please download and install Cleanup 4.0

Now run CleanUp
IMPORTANT!
CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp.


Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked, it will remove all of your cookies; at this point, removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot the system, select No
  • Close CleanUp


Please delete these files.

C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
C:\WINNT\SYSTEM32\ap2nqrd4.dat
C:\WINNT\SYSTEM32\ap9h4qmo.ini
C:\WINNT\SYSTEM32\bqrufs5f.dat
C:\WINNT\SYSTEM32\svcsysnet32.dll



Open up Microsoft's Antispyware and delete all quarantined items.


The logs from the virus scans didn't post completely. Can you repost them or attach them as a text file so I can review everything that was found?

#8
Brenda Williams

    New Member

  • Topic Starter
  • Member
  • 7 posts
I will run Cleanup 4.0 now. In the meantime, here are the logs again.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:45:34 PM, on 11/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\DAS.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\Dfssvc.exe
C:\windll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Documents and Settings\Administrator\My Documents\Programs_old\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrintWhere Router 2.6] C:\Program Files\PrinterOn Corporation\Internet PrintWhere 2.6\PWCCRT26.EXE
O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.inroads.org/iNotes6.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BrioPlatform1_incisive01_incisive01_1800 (BPS BrioPlatform1_incisive01_incisive01_1800) - Unknown owner - C:\Program Files\Brio\Brio8\BrioPlatform\bin\RMService8.exe
O23 - Service: BrioPlatform1_BI1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: BrioPlatform1_DAS1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: dlbt_device - Dell - C:\WINNT\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: JRun Admin Server (JRun Admin) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Admin" "admin (file missing)
O23 - Service: JRun Default Server (JRun Default) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Default" "default (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Thanks for all the assistance.


#9
Buckeye_Sam

Malware Expert
There we go. :tazz: Now I can see what we're dealing with.

Please follow these steps:
  • Please make sure that you can View Hidden Files
    • Click Start -> My Computer
    • Select Tools -> Folder options
    • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that 'Display the contents of system folders' is checked.
    • For more info on how to show hidden files click here.


  • Run HijackThis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
    O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe



  • Please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here for more info.



  • Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):


    C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
    C:\WINNT\SYSTEM32\ap2nqrd4.dat
    C:\WINNT\SYSTEM32\ap9h4qmo.ini
    C:\WINNT\SYSTEM32\bqrufs5f.dat
    C:\WINNT\SYSTEM32\svcsysnet32.dll
    C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\RemoveDisplayUtility.exe
    C:\WINNT\myurlff.exe
    C:\WINNT\unstall.exe
    C:\windll32.exe
Reboot your computer to go back to normal mode and post a new log.

#10
Brenda Williams

Topic Starter
OK. I performed all the items above. See attached log. This time when I logged on - the "mediatickets35.com" did not invoke itself. Maybe this is a sign of everything being fixed. See new HijackThis log below -->

Logfile of HijackThis v1.99.1
Scan saved at 10:52:34 AM, on 11/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\DAS.exe
C:\PROGRA~1\Brio\Brio8\BRIOPL~1\bin\BIService.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\Brio\Brio8\jre\jre131\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Brio\Brio8\BrioPlatform\autonomy\dre\DRE.exe
C:\Program Files\Brio\Brio8\BrioPlatform\autonomy\dish\DiSH.exe
C:\Documents and Settings\Administrator\My Documents\Programs_old\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrintWhere Router 2.6] C:\Program Files\PrinterOn Corporation\Internet PrintWhere 2.6\PWCCRT26.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = C:\Program Files\Kinko's\FPFK\Kinkos.Jupiter.GUI.SysTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.inroads.org/iNotes6.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BrioPlatform1_incisive01_incisive01_1800 (BPS BrioPlatform1_incisive01_incisive01_1800) - Unknown owner - C:\Program Files\Brio\Brio8\BrioPlatform\bin\RMService8.exe
O23 - Service: BrioPlatform1_BI1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: BrioPlatform1_DAS1_incisive01_1800 - Unknown owner - C:\PROGRA~1\Brio\Brio8\install\srvany.exe
O23 - Service: dlbt_device - Dell - C:\WINNT\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: JRun Admin Server (JRun Admin) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Admin" "admin (file missing)
O23 - Service: JRun Default Server (JRun Default) - Unknown owner - C:\Program Files\Brio\Brio8\JRun\bin\jrun.exe" -jrundir "C:\Program Files\Brio\Brio8\JRun" -nt "JRun Default" "default (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINNT\system32\lxbscoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  • 0
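The before/after comparison that posts #9 to #11 carry out by eye, as an added Python example that is not part of the thread: it parses HijackThis entry lines, then checks a follow-up log against the fix list. The function names are hypothetical, and the sample logs are short excerpts of the entries posted above, trimmed for the example.

```python
import re
from collections import Counter

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Count each (code, detail) entry in a HijackThis log or fix list."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[match.groups()] += 1
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Check a follow-up log against the entries that were marked for fixing."""
    fixes = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    status = {}
    for entry in fixes:
        if entry in after:
            status[entry] = "still present"
        elif entry in before:
            status[entry] = "removed"
        else:
            status[entry] = "not in original log"
    return {
        "status": status,
        # Entries that vanished without being on the fix list.
        "unexpected_removed": sorted((before - after - fixes).elements()),
        # Entries that are new in the follow-up log (possible reinfection).
        "new_entries": sorted((after - before).elements()),
    }


# Excerpts of the logs in this thread (trimmed; not the full logs).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# The entries the helper asked to have fixed, indented as in the post.
FIX_LIST = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [Windows DLL Service] C:\windll32.exe
    O4 - HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelder.exe
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG)
    for (code, detail), state in report["status"].items():
        print(f"{state:>20}  {code} - {detail}")
    print("new entries:", report["new_entries"])
```

A non-empty `new_entries` list in a follow-up log is the thing to look at first, since it means something registered itself after the cleanup.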

#11
Buckeye_Sam

Malware Expert
Your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)

#12
Brenda Williams

Topic Starter
Thank you so much. I will follow the suggestions mentioned above. It has been 7 long months of that "thing". YEAH - it's gone. Have a great weekend!

#13
Buckeye_Sam

Malware Expert
Glad I could help! :tazz:

#14
Buckeye_Sam

Malware Expert
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.