Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Well, my computer is dying from all the crap on it [RESOLVED]

Started by redundant142 , Nov 15 2005 11:24 AM

This topic is locked

#1
redundant142

Posted 15 November 2005 - 11:24 AM

Member

Member
23 posts

I have the vundo virus on my computer(or so norton antivirus says) but it can't be removed. It can't be removed by the vundo fixer either. Also, I think I just have some massive problems with my computer. I shouldn't have let my siblings use it. Can anyone help?

Logfile of HijackThis v1.99.1
Scan saved at 12:22:02 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Bazooka Scanner\spywarescanner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Brian Dundon\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hp26B.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#2
Buckeye_Sam

Posted 17 November 2005 - 02:20 PM

Malware Expert

Member
10,019 posts

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have Hijackthis running from a permanent folder, please reboot and post a new hijackthis log.

#3
redundant142

Posted 17 November 2005 - 02:58 PM

Member

Topic Starter
Member
23 posts

Sorry about that. Here you go.

Logfile of HijackThis v1.99.1
Scan saved at 3:58:01 PM, on 11/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hpB0ED.tmp
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Brian Dundon\Desktop\HijackThis.exe /startupscan
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#4
Buckeye_Sam

Posted 17 November 2005 - 03:43 PM

Malware Expert

Member
10,019 posts

First we need to download and prepare some tools that we will need to fix your problem.

Please download SmitRem.zip
- Save the file to your desktop.
- Right click on the file and extract it to it's own folder on the desktop.
Please download Ewido Security Suite
- Install ewido security suite
- When installing, under "Additional Options" uncheck..
  - Install background guard
  - Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- You will need to update ewido to the latest definition files.
  - On the left hand side of the main screen click update.
  - Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display "Update successful")
- Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido Manual Updates
Please download Adaware SE 1.06
Install Adaware and check for updates, but don't run it yet.
Place a shortcut to Panda ActiveScan on your desktop.

=============

Now that you have the right tools we can start fixing your problem.
Please print out these instructions as the rest of this fix must be done in Safe mode and you won't be able to access the Internet.

Please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

* if you have trouble getting into Safe mode go here for more info.

=============

Once in Safe mode, follow these steps:

Open the smitRem folder, then double click the RunThis.bat file to start the tool.
- Follow the prompts on screen.
- Wait for the tool to complete and disk cleanup to finish.
- The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove everything that it finds.
Run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop.
- Close Ewido.
Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.
Reboot back into normal mode and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the Panda scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let me know if any problems persist.

#5
redundant142

Posted 18 November 2005 - 10:45 PM

Member

Topic Starter
Member
23 posts

Well, I did what you said and I still have Trojan.Vundo, SpyAxe, and I think Winfixer on my computer. Here's the logs.

Incident Status Location

Adware:adware/securityerror No disinfected C:\Documents and Settings\Brian Dundon\Favorites\Free XXX Sites List.url
Adware:Adware/SpyAxe No disinfected C:\Program Files\SpyAxe\SpyAxe.exe
Adware:Adware/SpyAxe No disinfected C:\Program Files\SpyAxe\uninst.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system\rasvga.dll
Adware:Adware/SecurityError No disinfected C:\WINDOWS\system32\1024\ldF471.tmp
Adware:adware/spyaxe No disinfected C:\WINDOWS\system32\svchosts.dll

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:35:50 PM, 11/18/2005
+ Report-Checksum: 9613EFC1

+ Scan result:

:mozilla.6:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Brian Dundon\Application Data\Mozilla\Firefox\Profiles\6dss18od.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.41:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.44:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.92:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.93:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.95:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.111:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.112:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.113:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.114:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.115:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.116:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.117:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.119:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.199:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.203:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.204:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.205:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.206:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.207:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.208:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.222:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.244:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.246:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.247:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.248:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.249:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.250:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.290:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.291:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.292:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.293:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.294:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.295:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.296:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.297:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.298:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.313:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.314:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.320:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.527:C:\RECYCLER\NPROTECT\18850649.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.95:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.114:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.115:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.116:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.117:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.118:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.119:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.193:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.195:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.196:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.197:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.215:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.237:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.238:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.239:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.283:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.284:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.285:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.286:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.287:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.288:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.289:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.290:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.291:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.306:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.307:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.313:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.520:C:\RECYCLER\NPROTECT\18850719.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.6:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.33:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.59:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.103:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.108:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.122:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.124:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.195:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.196:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.197:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.216:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.238:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.239:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.244:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.284:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.285:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.286:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.287:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.288:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.289:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.290:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.291:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.292:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.307:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.308:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.314:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.521:C:\RECYCLER\NPROTECT\18850789.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.16:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.34:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.104:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.107:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.109:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.124:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.126:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.128:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.130:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.195:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.196:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.197:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.203:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.217:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.239:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.244:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.285:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.286:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.287:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.288:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.289:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.290:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.291:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.292:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.293:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.308:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.309:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.315:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.522:C:\RECYCLER\NPROTECT\18850941.MOZ -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system\rasvga.dll -> Spyware.Virtumonde : Cleaned with backup

::Report End

Hope this helps.

#6
Buckeye_Sam

Posted 19 November 2005 - 08:10 AM

Malware Expert

Member
10,019 posts

This will take a few steps, but we'll get it all.

Please post the log from the Smitrem tool. It should be located at C:\smitfiles.txt

Delete all Norton protected files from your recycle bin.

Now I need to see a different type of log from Hijackthis

Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your in your next reply.

#7
redundant142

Posted 19 November 2005 - 10:57 AM

Member

Topic Starter
Member
23 posts

Alright, here you go.

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 11/18/2005
The current time is: 11:37:55.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

Antivirus Test Online.url

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :tazz:

And the HiJackthis log...

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOL Instant Messenger
AOLIcon
AVG Anti-Virus 7.1
Bazooka Scanner
Broadcom Management Programs 2
ccCommon
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Support 5.0.0 (630)
Digital Line Detect
ewido security suite
Heavy Weapon Deluxe 1.0
HijackThis 1.99.1
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Internet Worm Protection
iOfficeWorks 7.64
iPod for Windows 2005-09-23
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Basic Edition 2003
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (1.0.6)
Mozilla Sunbird (0.2)
Mozilla Thunderbird (1.0.7)
mPfMgr
mPfWiz
mProSafe
MSN Messenger 7.5
mSSO
mToolkit
mWlsSafe
mXML
myTunes Redux 1.0
mZConfig
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
PopCap Browser Plugin
PowerDVD 5.5
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sid Meier's Alpha Centauri
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
SpyAxe 3.0
Spybot - Search & Destroy 1.4
Star Wars Republic Commando
Symantec
Symantec Script Blocking Installer
SymNet
Trend Micro Anti-Spyware
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
Webshots Desktop
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB893086

#8
Buckeye_Sam

Posted 19 November 2005 - 05:55 PM

Malware Expert

Member
10,019 posts

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

SpyAxe 3.0
Viewpoint Media Player

Delete these folders if they still exist.

C:\Program Files\SpyAxe
C:\Program Files\Viewpoint

Reboot and post a new hijackthis log.

#9
redundant142

Posted 20 November 2005 - 12:26 PM

Member

Topic Starter
Member
23 posts

Here's the HiJackthis log. SpyAxe is still on the computer, as is Trojan.Vundo(so says Norton Antivirus).

Logfile of HijackThis v1.99.1
Scan saved at 1:24:47 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hpB0ED.tmp (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\rasvga.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Brian Dundon\Desktop\HijackThis.exe /startupscan
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#10
Buckeye_Sam

Posted 20 November 2005 - 07:57 PM

Malware Expert

Member
10,019 posts

Did you delete this folder? Is it still gone?

C:\Program Files\SpyAxe

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press enter one time.
Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system\rasvga.dll
Press Enter to continue with the fix.
Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system\agvsar.*
Press Enter to continue with the fix.
The fix will run then HijackThis will open. If it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hpB0ED.tmp (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\rasvga.dll
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll
After you have fixed these items, close Hijackthis.
Press enter to exit the program then manually reboot your computer.
Once your machine reboots please continue with the instructions below.

Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

#11
redundant142

Posted 21 November 2005 - 12:57 PM

Member

Topic Starter
Member
23 posts

Here's the Hijackthis log and all the others. Spyaxe is still here, even though I've done everything you've asked.

Logfile of HijackThis v1.99.1
Scan saved at 1:54:54 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hpB0ED.tmp (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\rasvga.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Brian Dundon\Desktop\HijackThis.exe /startupscan
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Active Scan

Incident Status Location

Adware:adware/securityerror Not disinfected C:\Documents and Settings\Brian Dundon\Favorites\Free XXX Sites List.url
Adware:Adware/SpyAxe Not disinfected C:\Program Files\SpyAxe\uninst.exe
Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\svchosts.dll

Vundo Fix

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system\rasvga.dll

The second filepath entered was C:\WINDOWS\system\agvsar.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------

Killing PID 160 'smss.exe'

Killing PID 792 'explorer.exe'

Killing PID 236 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system\rasvga.dll Deleted sucessfully.
C:\WINDOWS\system\agvsar.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------

#12
Buckeye_Sam

Posted 21 November 2005 - 04:31 PM

Malware Expert

Member
10,019 posts

Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.

Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:
- C:\Documents and Settings\Brian Dundon\Favorites\Free XXX Sites List.url
  C:\Program Files\SpyAxe\uninst.exe
  C:\WINDOWS\system32\svchosts.dll
Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Your system will reboot now.

Now you should be able to delete this folder.

C:\Program Files\SpyAxe

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hpB0ED.tmp (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\rasvga.dll (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O20 - Winlogon Notify: rasvga - C:\WINDOWS\system\rasvga.dll (file missing)

Reboot and post a new hijackthis log.

#13
redundant142

Posted 22 November 2005 - 08:32 AM

Member

Topic Starter
Member
23 posts

Here's the Hijackthis log. The "your computer is infected" bubble is still around. Also, my computer starts rediculously slow now. It takes 45 seconds for my background to appear after logging in, and then another 3 minutes before the icons and start menu begin to load. Crazy.

Logfile of HijackThis v1.99.1
Scan saved at 9:30:00 AM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Brian Dundon\Desktop\HijackThis.exe /startupscan
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#14
Buckeye_Sam

Posted 22 November 2005 - 08:17 PM

Malware Expert

Member
10,019 posts

It sounds like something is still lurking about. Let's see if we can find out what it is.

Download and save backlight to your desktop. Doubleclick blbeta.exe, accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.

#15
redundant142

Posted 22 November 2005 - 09:05 PM

Member

Topic Starter
Member
23 posts

I'm sorry, but I'm not at school so I won't be able to do what you ask of me right now. My computer has no internet connection here at home. I'll get back to you on Sunday night hopefully.