Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with a bad spyware/malware problem[RESOLVED]

Started by gldneye , Feb 16 2005 03:54 PM

  • This topic is locked This topic is locked

#16
Guest_thatman_*
Posted 17 February 2005 - 11:56 PM

Guest_thatman_*
  • Guest
Hi gldneye

How is your system now

Please set your system to show all files; see here for how to do this if you're unsure.

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedso32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\EliteToolBar\EliteToolBar.dll
C:\windows\system32\elitedso32.exe

Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

Advertisements

#17
gldneye
Posted 18 February 2005 - 03:45 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thatman,
it sure has been better than I did what you told me to do yesterday.

I checked the four items on the HJT and fixed them. Rebooted in Safe Mode and deleted C:\WINDOWS\EliteToolBar\EliteToolBar.dll. I also deleted EliteSideBar08.dll. However, elitedso32.exe was in the Windows\Prefetch folder and I deleted that.

I ran HJT again and O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitedso32.exe was still there. I checked it again and "Fix checked".

This is the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:36:30 PM, on 2/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Launchboard\lnchbrd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\LH\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LaunchBoard] C:\Program Files\Launchboard\lnchbrd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

What do you think?

Thanks,
gldneye
  • 0

#18
gldneye
Posted 18 February 2005 - 06:55 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
:tazz: Oddly enough, i just got an alert by Microsoft Antispyware Beta that SearchMiracle is trying to install EliteBar. I thought I got rid of all of them.

gldneye ;)
  • 0

#19
Guest_thatman_*
Posted 19 February 2005 - 05:15 AM

Guest_thatman_*
  • Guest
Hi gldneye

Please run the following free, online virus scans:

http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Then restart your computer one more time and post a new HJT log.

Kc :tazz:
  • 0

#20
gldneye
Posted 19 February 2005 - 01:08 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thatman,


Ran both Housecall and Panda and seem to have a lot of noncleable stuff.
Is there anything I still have to do?
Thank you for all your help!

gldneye :tazz: ;)

Logfile of HijackThis v1.99.1
Scan saved at 11:01:35 AM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Launchboard\lnchbrd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\LH\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LaunchBoard] C:\Program Files\Launchboard\lnchbrd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This is Panda log:

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\exdl.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/Look2Me No disinfected C:\WINDOWS\VT00.exe
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/MyDailyHoroscopeNo disinfected C:\DOCUME~1\LH\LOCALS~1\Temp\dummy.htm
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\reg6523.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Winlspak.dll
Adware:Adware/SuperSpider No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[cumctl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[KNDAZEL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[mvj8l91u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[uvhisapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[guard.tmp]
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akrules.dll
Adware:Adware/CWS.008k No disinfected C:\Documents and Settings\LH\Local Settings\Temp\bw2.com
Adware:Adware/Transponder No disinfected C:\Documents and Settings\LH\Local Settings\Temp\drpE5.tmp\thnall1b.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iBE.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iDC.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\SskUpdater.exe
Virus:Trj/Startpage.SJ Disinfected C:\Documents and Settings\LH\Local Settings\Temp\Temporary Internet Files\Content.IE5\2PAXUDIJ\protector_update[1].exe
Virus:Trj/Startpage.SJ Disinfected C:\Documents and Settings\LH\Local Settings\Temp\Temporary Internet Files\Content.IE5\CLKNOBG1\protector[1].exe
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[btgrab.inf]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\LH\Local Settings\Temp\uninstall.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Virus:Trj/Startpage.SJ Disinfected C:\Documents and Settings\OP\Local Settings\Temporary Internet Files\Content.IE5\X0OV9HWP\protector_update[1].exe
Adware:Adware/Coupons No disinfected C:\Program Files\backups\backup-20050102-113331-252.dll
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0A954F64-0482-4015-B75F-6FC3CB\68BD3AAC-E650-4353-981E-73A393
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0A954F64-0482-4015-B75F-6FC3CB\8935EB97-A3DC-4AE4-9986-7410A7
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0A954F64-0482-4015-B75F-6FC3CB\BBF18114-5375-4BD9-9722-FA9943
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0A954F64-0482-4015-B75F-6FC3CB\C4691314-6155-4222-868A-E412A4
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1411515A-194D-4220-9348-093816\D785BFE4-B362-495E-BCAA-C2BA1C
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\196FE66C-D23B-4FE0-AEFF-57BE2A\2A78E4F9-5D00-445A-AECB-FA3794
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\196FE66C-D23B-4FE0-AEFF-57BE2A\7B5FF13E-18FD-451F-9E0E-8BE40A
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\196FE66C-D23B-4FE0-AEFF-57BE2A\C3FDF18A-7781-44CB-B735-3673F8
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AF8449E-BEEA-486A-865D-25C91A\F97781DE-BB89-4070-86EF-0AE2DE
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2E0F3453-702B-4A08-9AD4-7E777E\BF1095A6-01E3-4F31-B8B6-7EF517
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42C501C5-E96B-4E2E-8F8F-E2BBE0\C05D0A7E-9FD7-4F23-8834-A80027
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4A5B9B17-FB35-4040-B820-95C417\B59725A0-2444-4885-BBFE-FA2947
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4A8E89E6-3A94-4CE5-85AC-411ABF\4BF1EDA3-7BA2-4C6F-9EFD-688DF6
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\545538D9-AC57-4137-A2D3-D749B4\1DF07DE1-9E82-469C-97D3-433463
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\545538D9-AC57-4137-A2D3-D749B4\F2A5FC3A-5555-4E09-9584-00176C
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5AFA942F-F9A9-49CF-819F-8C0AA2\58ACC5BB-5CCD-4FAE-8568-26DD93
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5AFA942F-F9A9-49CF-819F-8C0AA2\BD465E9F-DA0B-45F4-AB70-713031
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\60DBD131-A7AF-412C-97B9-B5A0BD\2FBB8A7E-501D-4A90-95DA-B08F74
Spyware:Spyware/Virtumonde No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\63AC9119-F0DC-46A6-8C1A-D353F2\D3BE4158-E32B-49D9-A7CE-552605
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7BC7C4DB-23CE-4BF6-8EE5-EA2002\04BD2F60-2A6E-4F42-8A2D-5E0FBB
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7BC7C4DB-23CE-4BF6-8EE5-EA2002\899B63AB-83DF-4A97-99C4-2A5C3D
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7BC7C4DB-23CE-4BF6-8EE5-EA2002\B1F91A9C-AE98-4D14-8604-B2B66B
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7D2775CF-E7B9-46DA-BF5C-35A6C1\33035F02-E84F-4FA3-9F0C-083E72
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7D2775CF-E7B9-46DA-BF5C-35A6C1\6169491A-5F91-4C89-8483-D531C7
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7D2775CF-E7B9-46DA-BF5C-35A6C1\8A1D9263-E42F-4B29-9850-5538B8
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8DB71FC2-30EA-4E3E-9426-96C9E4\FED8CC9E-DBE3-42CC-B0C2-521664
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A92B55C4-539C-443F-BCC7-0F2D95\29C35104-774E-4003-B34B-F27531
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ADE92919-07A6-4F20-94B0-A62C05\05EDAD62-0A9F-4F48-A519-32D63A
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ADE92919-07A6-4F20-94B0-A62C05\0EE00B44-3487-464D-9457-3818FF
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ADE92919-07A6-4F20-94B0-A62C05\81C059AD-7735-4856-B4AF-1857EA
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\ADE92919-07A6-4F20-94B0-A62C05\AD182DB7-208B-44D2-AEA6-084992
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B2858FC0-83CB-46FF-888B-7FCF4D\61270F0B-8892-4D81-88EE-340F93
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C1A10D06-45F7-4D3E-A84D-7BF7E4\49586524-C0B6-40CC-A20C-661BB8
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D515B90F-FC60-4C73-84CD-969FB6\470FB0A2-E8E4-4C45-8AAD-77DDA1
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D515B90F-FC60-4C73-84CD-969FB6\5E649947-982C-4B05-B392-DE7ADD
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FE6B8B09-B07A-4678-A09D-F8002A\065A0061-3B7E-436F-8C60-B80041
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FE6B8B09-B07A-4678-A09D-F8002A\18EF2376-9A58-4498-86D1-B8ED37
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/BTGrab No disinfected C:\WINDOWS\INF\btgrab.inf
Adware:Adware/Envolo No disinfected C:\WINDOWS\plgiki.exe
Virus:Trj/Startpage.SJ Disinfected C:\WINDOWS\protector_update.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akrules.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akupd.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dolsp.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dosync.dll
Adware:Adware/QoolAid No disinfected C:\WINDOWS\SYSTEM32\eaoeps.dll
Adware:Adware/QoolAid No disinfected C:\WINDOWS\SYSTEM32\hqzhux.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\msexreg.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winrulesak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winupdak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\bw2.com
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winrulesak.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\VT00.exe
  • 0

#21
Guest_thatman_*
Posted 20 February 2005 - 06:15 AM

Guest_thatman_*
  • Guest
Hi gldneye

1. Clean out temporary files:
Start> Run> type cleanmgr OK
Let it scan your system for files to remove Make sure Temporary Files Temporary Internet Files and Recycle Bin are the only things checked Press OK to remove them.

2. Open Ad-aware and click on the box
* Objects quarantined, open quarantined list and delete all in that list

3. Microsoft AntiSpyware\Quarantine
* Open Microsoft AntiSpyware and delete all tems in the Quarantined box

4. Please run the following free, online virus scans:
http://housecall.tre.../start_corp.asp
http://www.pandasoft...n_principal.htm

Please post the Panda log: Incident Status Location

post a new HJT log.

Thanks

Kc :tazz:

Edited by thatman, 20 February 2005 - 06:20 AM.

  • 0

#22
gldneye
Posted 20 February 2005 - 01:49 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thatman,
I ran cleanmgr, checked both Ad-aware and MS Antispyware quarantined list. Both were empty. Then ran Housecaal and Panda.
Here's the latest log:

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/MyDailyHoroscopeNo disinfected C:\DOCUME~1\LH\LOCALS~1\Temp\dummy.htm
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\reg6523.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Winlspak.dll
Adware:Adware/Otx No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[cumctl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[KNDAZEL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[mvj8l91u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[uvhisapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[guard.tmp]
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akrules.dll
Adware:Adware/CWS.008k No disinfected C:\Documents and Settings\LH\Local Settings\Temp\bw2.com
Adware:Adware/Transponder No disinfected C:\Documents and Settings\LH\Local Settings\Temp\drpE5.tmp\thnall1b.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iBE.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iDC.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\SskUpdater.exe
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[btgrab.inf]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\LH\Local Settings\Temp\uninstall.exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
The latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:00 AM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Launchboard\lnchbrd.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LH\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LaunchBoard] C:\Program Files\Launchboard\lnchbrd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you,
gldneye :tazz:
  • 0

#23
Guest_thatman_*
Posted 20 February 2005 - 02:12 PM

Guest_thatman_*
  • Guest
Hi gldneye

Please download the cleaner : http://www.ccleaner.com/

Unzip the program run the cleaner place a check mark in all the boxs. then click run cleaner.

Kc :tazz:
  • 0

#24
gldneye
Posted 20 February 2005 - 04:53 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Done. Should I post something?

Thanks,
gldneye :tazz:
  • 0

#25
Guest_thatman_*
Posted 20 February 2005 - 06:16 PM

Guest_thatman_*
  • Guest
Hi gldneye

Post a new hjt.log and the panda log

kc :tazz:
  • 0

Advertisements

#26
gldneye
Posted 20 February 2005 - 08:28 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thatman,
latest Panda log:

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/MyDailyHoroscopeNo disinfected C:\DOCUME~1\LH\LOCALS~1\Temp\dummy.htm
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\reg6523.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Winlspak.dll
Adware:Adware/Otx No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[cumctl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[KNDAZEL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[mvj8l91u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[uvhisapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[guard.tmp]
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akrules.dll
Adware:Adware/CWS.008k No disinfected C:\Documents and Settings\LH\Local Settings\Temp\bw2.com
Adware:Adware/Transponder No disinfected C:\Documents and Settings\LH\Local Settings\Temp\drpE5.tmp\thnall1b.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iBE.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iDC.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\SskUpdater.exe
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[btgrab.inf]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\LH\Local Settings\Temp\uninstall.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/Coupons No disinfected C:\Program Files\backups\backup-20050102-113331-252.dll
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AF8449E-BEEA-486A-865D-25C91A\F97781DE-BB89-4070-86EF-0AE2DE
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4A8E89E6-3A94-4CE5-85AC-411ABF\4BF1EDA3-7BA2-4C6F-9EFD-688DF6
Spyware:Spyware/Virtumonde No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\63AC9119-F0DC-46A6-8C1A-D353F2\D3BE4158-E32B-49D9-A7CE-552605
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A92B55C4-539C-443F-BCC7-0F2D95\29C35104-774E-4003-B34B-F27531
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C1A10D06-45F7-4D3E-A84D-7BF7E4\49586524-C0B6-40CC-A20C-661BB8
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D515B90F-FC60-4C73-84CD-969FB6\5E649947-982C-4B05-B392-DE7ADD
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\plgiki.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akrules.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akupd.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dolsp.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dosync.dll
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winrulesak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winupdak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\bw2.com
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winrulesak.dll
Latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:26:02 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Launchboard\lnchbrd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\LH\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LaunchBoard] C:\Program Files\Launchboard\lnchbrd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you,
gldneye :tazz:
  • 0

#27
Guest_thatman_*
Posted 20 February 2005 - 09:29 PM

Guest_thatman_*
  • Guest
Hi gldneye

Please boot into safemode and remove the following files and folder if found

C:\WINDOWS\system32\FLEOK<--Delete this file if found

C:\keys.ini<--Delete this folder if found

C:\WINDOWS\system32\DealHelper<--Delete this file if found

C:\DOCUME~1\LH\LOCALS~1\Temp\dummy.htm<--Delete this file if found

C:\WINDOWS\system32\reg6523.exe<--Delete this file if found

C:\WINDOWS\system32\Winlspak.dll<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\akcore.dll<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\akrules.dll<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\bw2.com<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\thnall1b.exe<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\drpE5.tmp<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\iBE.tmp<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\iDC.tmp<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\SskUpdater.exe<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\ <--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\btgrab.inf<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\BTGrab.dll<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\polall1b.exe<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\btgrab.cab<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\IExploreSkins.exe<--Delete this file if found

C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab<--Delete this file if found

C:\WINDOWS\SYSTEM32\akcore.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\akrules.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\akupd.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\docore.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\dolsp.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\dosync.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\mscb.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\cashback.exe<--Delete this file if found

C:\WINDOWS\SYSTEM32\cb.exe<--Delete this file if found

C:\WINDOWS\SYSTEM32\flash.exe<--Delete this file if found

C:\WINDOWS\SYSTEM32\psis80ex.ax<--Delete this file if found

C:\WINDOWS\SYSTEM32\wincoreak.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\winlspak.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\winrulesak.dll<--Delete this file if found

C:\WINDOWS\SYSTEM32\winupdak.dll<--Delete this file if found

C:\WINDOWS\Temp\bw2.com<--Delete this file if found

C:\WINDOWS\Temp\wincoreak.dll<--Delete this file if found

C:\WINDOWS\Temp\winlspak.dll<--Delete this file if found

C:\WINDOWS\Temp\winrulesak.dll<--Delete this file if found

Reboot post a new HJT.Log

Kc
  • 0

#28
gldneye
Posted 20 February 2005 - 11:27 PM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thatman,

I removed everything, except:

C:\keys.ini
C:\Documents and Settings\LH\Local Settings\Temp\polall1b.exe
C:\Documents and Settings\LH\Local Settings\Temp\btgrab.inf
C:\Documents and Settings\LH\Local Settings\Temp\BTGrab.dll
C:\WINDOWS\SYSTEM32\mscb.dll
C:\WINDOWS\SYSTEM32\cashback.exe
C:\WINDOWS\SYSTEM32\flash.exe

These were tho ones I did not find. I found keys/configuration settings, would that be the one to remove instead of keys.ini?

Latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:17:06 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Launchboard\lnchbrd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\LH\LOCALS~1\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LaunchBoard] C:\Program Files\Launchboard\lnchbrd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} (NMInstall Control) - http://profile.homes....0_HOMESCAN.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


After all this, I still got the warning of SearchMiracle/EliteBar trying to be installed.

Also, there are two separate users. Does it have anything to do not getting rid of the bad stuff?

Thanks,
gldneye
  • 0

#29
gldneye
Posted 21 February 2005 - 12:09 AM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Latest Panda scan log:

Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/MyDailyHoroscopeNo disinfected C:\DOCUME~1\LH\LOCALS~1\Temp\dummy.htm
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\reg6523.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Winlspak.dll
Adware:Adware/Otx No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[cumctl32.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[KNDAZEL.DLL]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[mvj8l91u1.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[uvhisapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\LH\Desktop\l2mfix\backup.zip[guard.tmp]
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\LH\Local Settings\Temp\akrules.dll
Adware:Adware/CWS.008k No disinfected C:\Documents and Settings\LH\Local Settings\Temp\bw2.com
Adware:Adware/Transponder No disinfected C:\Documents and Settings\LH\Local Settings\Temp\drpE5.tmp\thnall1b.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iBE.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\iDC.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\LH\Local Settings\Temp\SskUpdater.exe
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[btgrab.inf]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[BTGrab.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.cab[polall1b.exe]
Adware:Adware/BTGrab No disinfected C:\Documents and Settings\LH\Local Settings\Temp\THI6A06.tmp\btgrab.inf
Adware:Adware/WinTools No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\LH\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\LH\Local Settings\Temp\uninstall.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[radio.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\OP\Local Settings\Temp\Toolbar3.cab[toolbar.dll]
Adware:Adware/Coupons No disinfected C:\Program Files\backups\backup-20050102-113331-252.dll
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2AF8449E-BEEA-486A-865D-25C91A\F97781DE-BB89-4070-86EF-0AE2DE
Adware:Adware/QoolAid No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4A8E89E6-3A94-4CE5-85AC-411ABF\4BF1EDA3-7BA2-4C6F-9EFD-688DF6
Spyware:Spyware/Virtumonde No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\63AC9119-F0DC-46A6-8C1A-D353F2\D3BE4158-E32B-49D9-A7CE-552605
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A92B55C4-539C-443F-BCC7-0F2D95\29C35104-774E-4003-B34B-F27531
Adware:Adware/eZula No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C1A10D06-45F7-4D3E-A84D-7BF7E4\49586524-C0B6-40CC-A20C-661BB8
Adware:Adware/EliteBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D515B90F-FC60-4C73-84CD-969FB6\5E649947-982C-4B05-B392-DE7ADD
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\plgiki.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akcore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akrules.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akupd.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dolsp.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\SYSTEM32\dosync.dll
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winrulesak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\winupdak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\bw2.com
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\wincoreak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winlspak.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\winrulesak.dll
  • 0

#30
gldneye
Posted 21 February 2005 - 12:10 AM

gldneye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
How come thing are still showing up, even though I removed them?

Thanks,
gldneye
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP