Winfixer and Trojan help [RESOLVED] - Geeks to Go Forums


Winfixer and Trojan help [RESOLVED] A pop-up Winfixer "Add & Remove Programs" opens often wh

#1 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 10 January 2006 - 09:32 AM

Hello! A Winfixer "Add & Remove Programs" box frequently opens when I try to use my Internet Explorer. I've downloaded and run all of the preliminary antispyware software, but they haven't been able to stop the Winfixer box from popping up. I have reviewed other threads that ask this same question, but I'm wondering how to get rid of this! Should I just look at their threads and follow the same steps, or is it more complicated than that?

Also, my ewido anti-malware 3.5 has detected a file called ddaxu.dll in my C:\WINDOWS\system32 folder that it says is a malicious program. It only gives the option to clean it, and when I press ok, the ewido window just pops back up again a few seconds later. What can I do to get rid of the infected file? I also have a VirusScan program that has identified this file, and when I ask it to delete it, it also says that the "deletion failed" and the VirusScan window just pops back up again.

I would GREATLY appreciate any help you could give to me! Thank you so much!





Logfile of HijackThis v1.99.1
Scan saved at 10:14:09 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\xxwxu.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddaxu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddaxu - C:\WINDOWS\SYSTEM32\ddaxu.dll
O20 - Winlogon Notify: xxwxu - C:\WINDOWS\system32\xxwxu.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



ALSO- HERE IS MY EWIDO REPORT:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:45:03 AM, 1/10/2006
+ Report-Checksum: 5376F44F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30000273-8230-4DD4-BE4F-6889D1E74167} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-296248070-2491067979-3831948528-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.569:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.604:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.644:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.729:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.732:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.755:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.757:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.759:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.760:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.771:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.781:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.799:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.836:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.837:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.838:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.850:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.856:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.872:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Christine D'Auria\Application Data\Mozilla\Firefox\Profiles\ckwgoxvu.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@ehg-foxsports.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Cookies\christine d'auria@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Christine D'Auria\Local Settings\Temp\Cookies\christine d'auria@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings

#2 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 10 January 2006 - 10:03 AM

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    Quote

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....



  • At this point press enter one time.

  • Next you will see:

    Quote

    Please Type in the filepath as instructed by the forum staff
    and then press enter:


  • At this point please type the following file path (make sure to enter it exactly as below!):
      C:\WINDOWS\system32\xxwxu.dll


  • Press Enter to continue with the fix.

  • Next you will see:

    Quote

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
      C:\WINDOWS\system32\uxwxx.*

  • Press Enter to continue with the fix.
  • The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

      O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
      O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\xxwxu.dll
      O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddaxu.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O20 - Winlogon Notify: ddaxu - C:\WINDOWS\SYSTEM32\ddaxu.dll
      O20 - Winlogon Notify: xxwxu - C:\WINDOWS\system32\xxwxu.dll

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

#3 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 10 January 2006 - 05:51 PM

Hello! Thank you for replying so quickly this morning! I completed everything you told me to do; however, when I worked with the VundoFix, there was no file called "O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\xxwxu.dll" (the second one that you listed for me to remove). Also, when I restarted my computer, my VirusScan & Ewido programs popped up saying that the file C:\WINDOWS\system32\ddaxu.dll (the same one as before) still exists.

My Active Scan results are attached, and here is my VundoFix.txt report:


VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\xxwxu.dll

The second filepath entered was C:\WINDOWS\system32\uxwxx.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 184 'smss.exe'

Killing PID 860 'explorer.exe'


Killing PID 256 'winlogon.exe'
Killing PID 256 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\xxwxu.dll Deleted sucessfully.
C:\WINDOWS\system32\uxwxx.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------




...as well as a new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:17 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddaxu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: ddaxu - C:\WINDOWS\SYSTEM32\ddaxu.dll
O20 - Winlogon Notify: xxwxu - C:\WINDOWS\system32\xxwxu.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Once again-- thank you so much for taking the time to help me!!!


#4 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 10 January 2006 - 07:06 PM

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddaxu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: ddaxu - C:\WINDOWS\SYSTEM32\ddaxu.dll
O20 - Winlogon Notify: xxwxu - C:\WINDOWS\system32\xxwxu.dll (file missing)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

My Way
Winsoftware


Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders -

Folders
C:\Program Files\Common Files\WinSoftware
C:\PROGRAM FILES\MyWay


Reboot the PC.

Please download WebRoot SpySweeper from here:
http://www.webroot.com/downloads/?WRSID=fd...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.


Also post a fresh Hijack This log please.
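The fix-then-rescan check requested in the post above, as an added example that is not part of the original thread and not HijackThis code: it parses HijackThis entry lines and reports which fix-list items are still present in a fresh log. The matching rule (CLSID for O2 entries, key name for O20 entries) is this example's assumption, and `FRESH_LOG` is a constructed sample, not a log from this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Entry lines start with a section code such as "R0", "O2", "O20" followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis annotations for a registry entry whose file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.I)


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2" or "O20"
    key: str              # identity used to match the same entry across scans
    target_missing: bool  # True if the line carries (no file) / (file missing)
    raw: str              # the original line


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    if code == "O2" and clsid:
        # Assumption: a BHO is identified by its CLSID, whatever the path case.
        ident = clsid.group(0).upper()
    elif code == "O20":
        # "Winlogon Notify: <key name> - <dll>": match on the key name only,
        # because the dll text changes (full path, bare name, "(file missing)").
        ident = body.split(": ", 1)[-1].split(" - ", 1)[0].lower()
    else:
        ident = re.sub(r"\s+", " ", MISSING_RE.sub("", body)).strip().lower()
    return Entry(code, f"{code}:{ident}", bool(MISSING_RE.search(body)), line)


def parse_log(text: str) -> Dict[str, Entry]:
    """Map identity key -> Entry for every entry line in a log or fix list."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[entry.key] = entry
    return entries


def verify_fix(fix_list: str, fresh_log: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (still present in the fresh log, no longer present)."""
    wanted, fresh = parse_log(fix_list), parse_log(fresh_log)
    persisting = [fresh[k] for k in wanted if k in fresh]
    removed = [wanted[k] for k in wanted if k not in fresh]
    return persisting, removed


# The five items listed for fixing in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddaxu.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: ddaxu - C:\WINDOWS\SYSTEM32\ddaxu.dll
O20 - Winlogon Notify: xxwxu - C:\WINDOWS\system32\xxwxu.dll (file missing)
"""

# CONSTRUCTED sample of a rescan in which two of the items came back with
# different letter case and a different file state.
FRESH_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d} - C:\WINDOWS\SYSTEM32\ddaxu.dll
O20 - Winlogon Notify: ddaxu - C:\WINDOWS\system32\ddaxu.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    persisting, removed = verify_fix(FIX_LIST, FRESH_LOG)
    for e in persisting:
        state = "file missing" if e.target_missing else "file present"
        print(f"STILL PRESENT ({state}): {e.raw}")
    for e in removed:
        print(f"removed: {e.raw}")
```

Matching on an identity key rather than the full line text is what lets the same Winlogon Notify key be recognised when a later scan shows it with a bare file name and a "(file missing)" annotation.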

#5 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 10 January 2006 - 08:45 PM

When I went to the control panel to "Add/Remove Programs," there weren't MyWay or Winsoftware programs to remove. Also, when I ran the Hijack This before I rebooted, I don't think it removed two of the files, because they were still there:

Also, when I downloaded and ran the Webroot Spy Sweeper, it says that I have to subscribe in order to remove the items from the list?? It therefore can not give a list of results because I haven't subscribed. The 4 items that showed up, however, were "apropos," "altnet," "topsearch," and "winantispyware 2005."

Here is my Hijack This report:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:17 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#6 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 11 January 2006 - 11:23 AM

Please uninstall SpySweeper as it doesn't seem to be of much use to us.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.

#7 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 11 January 2006 - 04:54 PM

My ewido report is attached, and here is my Hijack This report:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:47 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE




#8 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 11 January 2006 - 05:25 PM

The items identified by Spy Sweeper didn't show up in Ewido log.



Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Please also do a scan with Microsoft Anti-Spyware and post back the scan report.

#9 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 11 January 2006 - 06:39 PM

My Hijack This Report:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:46 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





... and the Microsoft Antispyware Scan Results:

1726 memory locations scanned, 0 detected
22551 files checked, 0 detected
9743 registry locations checked, 0 detected.

No items detected.

Attached File(s)

  • Attached File  log.txt (404bytes)


#10 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 12 January 2006 - 09:45 AM

Hi,

Your logs look fine.


Do you have any issues with your PC? If you have no issues, then we can clean up some of the unwanted tools, files and entries.

#11 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 12 January 2006 - 09:51 AM

Hello!

I don't have any other problems (at least that I know about!!) with my PC! Thanks so much for helping-- I appreciate this so much!

I'd like to get rid of unwanted files, tools, etc... Where do I start?

Thanks again

#12 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 12 January 2006 - 10:30 AM

Let us clean up your PC a little bit.


Delete the following programs and the associated folders, which you downloaded during the cleaning up process -

Vundofix.exe
Aproposfix.exe

Vundofix folder
Aproposfix folder




We can disable Ewido from running at startup. Conflicts can arise between multiple anti-virus programs and can severely hamper the performance of the PC.


Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - ewido security suite control. Right click on it and then click on properties. In the Startup Type choose the option Disable. Similarly disable the service - ewido security suite guard. Close the window.


You can use Ewido whenever you want to scan your PC by manually running it. Please make sure that you get the updates for Ewido before scanning with it each time.



Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?



Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

This will not delete the programs from your PC. This will only disable the programs from running at Start up and result in a faster PC. You can always run the programs manually by using the respective exe files or the shortcuts.

After this, please visit Windows security and critical updates and get all the updates and patches and install them on your PC.


Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

Click on Start ---> Help and Support.

Under Help and Support Resources, click on System Restore. Click on "create a restore point". Click on Next and follow the instructions to create the system restore point.


Now click on Start ---> Run. Type in - cleanmgr - and hit enter. In the window which opens, it will ask you to choose your default drive (most likely C:\). Click on OK. It will scan your hard disks for cleaning up and may take a couple of minutes. Be patient.

After the scan is complete, click on "More Options" tab. Click on cleanup button in the System Restore section. Click on Yes when you are prompted - Are you sure you want to delete all but the most recent restore point?

Click on OK and exit Disk Cleanup.


Reboot the PC and post a fresh HJT log.

#13 CD10138

  • Group: Member
  • Posts: 7
  • Joined: 09-January 06

Posted 12 January 2006 - 02:01 PM

Here is my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 2:57:55 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christine D'Auria\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://email.brown.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 2)" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualap...om/activegs.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136905326364
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Again--- I know people must thank you so often that it becomes almost meaningless to you... But I REALLY do appreciate your help!!
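For readers following the log format, an added example (not part of the original posts, and not HijackThis's own code): a small Python parser that groups HijackThis entries by section code and flags entries worth a second look. The sample lines are copied from the log in post #13; the three triage rules and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log in post #13.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every entry starts with a section code (R0, O2, O4, O20, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Group HijackThis entries by section code; other lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(sections):
    """Return (code, reason, entry) tuples; the rules are illustrative assumptions."""
    findings = []
    for code, entries in sections.items():
        for entry in entries:
            # Registry reference left behind after its file was removed.
            if "(file missing)" in entry:
                findings.append((code, "orphaned entry, target file missing", entry))
            # HijackThis did not identify a vendor for the service binary.
            if code == "O23" and "Unknown owner" in entry:
                findings.append((code, "service vendor not identified", entry))
            # Autostart given as a bare file name, resolved via the search path.
            if code == "O4" and not re.search(r"[A-Za-z]:\\", entry):
                findings.append((code, "autostart without a full path", entry))
    return findings

if __name__ == "__main__":
    for code, reason, entry in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}: {entry}")
```

A flagged entry is a prompt to look the item up, not a verdict; several flagged items in this log belong to known drivers and vendor software.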

#14 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 12 January 2006 - 03:17 PM

CD10138, on Jan 12 2006, 03:01 PM, said:


Again--- I know people must thank you so often that it becomes almost meaningless to you... But I REALLY do appreciate your help!!



The day they become meaningless, I will stop doing logs here :tazz:

Your appreciation is gracefully accepted.

#15 tampabelle

  • Group: Retired Staff
  • Posts: 6,363
  • Joined: 26-February 05

Posted 12 January 2006 - 03:17 PM

CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:



I would recommend the following steps to keep your PC clean -

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows Update. You can also use the following links:

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updating of the system.
(Right click on My Computer on your desktop, then Properties and the Automatic Updates tab.)

Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.

Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm

Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other than IE as most of the malware is targeted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-SPYAD and install it on your PC. IE-SPYAD puts over 5000 sites in your Internet Explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.

Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.

Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both freeware, are:

Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

An alternate freeware software which can be used is ATF Cleaner.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.



Go ahead and enjoy a clean PC !!!!!!!!!!!!!
