
Need cleanup help



#1
kgirl65

I have followed the steps required to clean as much of the malware as I can. Attached is HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:02 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\mshta.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Documents and Settings\Kym\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Kym\LOCALS~1\Temp\se.dll/spage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/comcast.html
R3 - URLSearchHook: (no name) - {D11939CE-4B7D-F8E8-8711-1DE3F6BFAD61} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B5F2580-5E23-4C92-B9B7-CF0733F845D8} - (no file)
O2 - BHO: (no name) - {3877E062-D2C8-43EB-8209-04C8662CB13B} - (no file)
O2 - BHO: TChkBHO Class - {4750E6AD-06B7-4F2C-8B74-C23486C1A02D} - C:\WINDOWS\system32\sknik.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {678E9E21-2056-45E6-84AC-222AE736B519} - (no file)
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O4 - Global Startup: winspool.hta
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://127.0.0.1/CFI...sses/CFJava.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132381115531
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124281532340
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.c.....AST SETUP.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D618CA-E834-43F7-8EE9-1B6C548E293E}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AC764B3-4A54-48B8-BEBA-0A411F9FF076}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{64E28990-1571-4187-991C-B80D0636B487}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F0DE04-F2DE-4465-9C9A-37E4C7D37AA0}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C06E95F3-59D6-4AFF-9E0F-C18F00D99AB4}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B2A559-30EF-4010-88BB-118C46EABB3B}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F093B4DD-E648-4308-BF00-28377A7E9A03}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS3\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{3231384E-51B1-43AD-B28B-EA6D04705D01}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\jrun".exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Below is the Ewido Report:

+ Created on: 8:11:40 AM, 11/26/2005
+ Report-Checksum: 5BE924BD

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1\CLSID\\ -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01FC5803-8644-45D7-877B-5A3924D8ECC4}\TypeLib\\ -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ACC4DBFF-71AF-4227-A86D-8777429F56BD} -> Spyware.ScratchAndWin : Cleaned with backup
HKLM\SOFTWARE\Classes\Eac_mindef.MDefControl\CLSID\\ -> Spyware.StopSign : Cleaned with backup
HKLM\SOFTWARE\Classes\Eac_mindef.MDefControl.1\CLSID\\ -> Spyware.StopSign : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2DDD90D6-F153-4EA7-A324-4B2D83D1027E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{68831D00-169E-4FEB-89B9-E099DF439321} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{68831D00-169E-4FEB-89B9-E099DF439321}\TypeLib\\ -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchBarToolbar.SearchBar\Clsid\\ -> Spyware.SearchBarCash : Cleaned with backup
HKLM\SOFTWARE\Classes\Support.Application\CLSID\\ -> Spyware.ScratchAndWin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{15E7D23B-736E-46FA-BFFD-CBEC4126BEFD} -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}\\BandCLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEGator.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEGator.dll\\{54E7E082-1DA6-412E-96B5-C290FCEF5329} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PdpPlugin5094.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PdpPlugin5094.dll\\{C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\DelFin -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{BF69DF00-2734-477F-8257-27CD04F88779} -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23DDAE8C-6A79-4D62-80AA-E95D89CB9811} -> Spyware.SearchExplorer : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\NavExcel Ltd -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Updater -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\Updater -> Spyware.KeenValue : Cleaned with backup
C:\578be110.exe.tcf -> Spyware.ISearch : Cleaned with backup
C:\Documents and Settings\Kym\Cookies\kym@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kym\Cookies\kym@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kym\Local Settings\Temporary Internet Files\Content.IE5\STE7STER\runsvc33[1].exe -> Spyware.ISearch : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Sy350\350_1.dat -> Spyware.TopMoxie : Cleaned with backup
C:\Program Files\eZula -> Adware.eZula : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\SearchRelevancy -> Spyware.Relevance : Cleaned with backup
C:\Program Files\SearchRelevancy\SearchRelevancy.xml -> Spyware.Relevance : Cleaned with backup
C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Toolbar\nzqlihv.wzg -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1\A0000013.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1\A0001013.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0001097.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0001128.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP2\A0003127.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0006130.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012164.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012471.dll -> Spyware.FWN : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012472.dll -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012473.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012474.exe -> TrojanDropper.Small.xl : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012475.dll -> Spyware.SBSoft : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012476.exe -> Trojan.DNSChanger.k : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012477.exe -> TrojanDownloader.NSIS.Gen : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012478.EXE -> TrojanDownloader.Small.wk : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP3\A0012479.exe -> Spyware.VB : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\install007.exe.tcf -> Trojan.SecondThought.ao : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\search3.dll -> Spyware.MegaSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCommX.dll.tcf -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\MSVprep.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85-1.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\AcsProxy.dll.tcf -> Spyware.FWN : Cleaned with backup
C:\WINDOWS\system32\ATPartners.dll.tcf -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\WINDOWS\system32\dmsadmins.exe.tcf -> Spyware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\dumpsprep.exe.tcf -> TrojanDropper.Small.xl : Cleaned with backup
C:\WINDOWS\system32\hybsys32.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\ie2cltr.dll.tcf -> Spyware.SBSoft : Cleaned with backup
C:\WINDOWS\system32\IfMegaWbr.dll -> TrojanDropper.Small.xm : Cleaned with backup
C:\WINDOWS\system32\InstaFinder_inst.exe -> Spyware.InstaFinder.a : Cleaned with backup
C:\WINDOWS\system32\ipdnssec6.exe.tcf -> Trojan.DNSChanger.k : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\MegasearchBarSetup.exe.tcf -> TrojanDownloader.NSIS.Gen : Cleaned with backup
C:\WINDOWS\system32\rk.exe -> Spyware.MarketScore : Cleaned with backup
C:\WINDOWS\system32\sknik.dll -> Spyware.WurldMedia : Cleaned with backup
C:\WINDOWS\system32\TVM_B5_Bundle_6.EXE.tcf -> TrojanDownloader.Small.wk : Cleaned with backup
C:\WINDOWS\system32\unregister.exe.tcf -> Spyware.VB : Cleaned with backup
C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe -> Spyware.WebRebates.g : Cleaned with backup
C:\WINDOWS\tmp.hta -> TrojanDownloader.Psyme.at : Cleaned with backup


::Report End
#2
Buckeye_Sam

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.
I apologize for the delay getting to your log; the helpers here are very busy.

Before we can get started on fixing your problem you must change the location of HijackThis. It should not run directly from your desktop or a temp directory. Please create a directory on your C: drive called c:\hijackthis and download and unzip HijackThis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have HijackThis running from a permanent folder, please reboot and post a new HijackThis log.