
Still Trying to get rid of Winfixer [RESOLVED]


  • This topic is locked

#1
metaslob

  • Member
  • 55 posts
These have bothered me for six months or so; it's my third time here. I can't get Advertising.com, Avenue A, Inc., DoubleClick, FastClick, HitBox, Hotsearchbar, MediaPlex, TargetNet, ValueClick, Web Trends Live and Winfixer to go away from Spybot's search.
So, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 03:34:14, on 14.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\iTunes\iTunes.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
C:\Programfiler\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BHR 1.1] C:\Programfiler\Zamaan's Software\Browser Hijack Retaliator\Browser Hijack Retaliator 1.1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FELLES~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi metaslob and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HJT log.

    Regards,

    Trevuren


#3
metaslob

  • Topic Starter
  • Member
  • 55 posts
Spy Sweeper Summary:
********
04:06: | Start of Session, 14. mars 2006 |
04:06: Spy Sweeper started
04:06: Sweep initiated using definitions version 632
04:06: Starting Memory Sweep
04:13: Memory Sweep Complete, Elapsed Time: 00:06:58
04:13: Starting Registry Sweep
04:13: Registry Sweep Complete, Elapsed Time:00:00:11
04:13: Starting Cookie Sweep
04:13: Found Spy Cookie: belnk cookie
04:13: anne@belnk[1].txt (ID = 2292)
04:13: Found Spy Cookie: ccbill cookie
04:13: anne@ccbill[1].txt (ID = 2369)
04:13: [email protected][2].txt (ID = 2293)
04:13: Found Spy Cookie: server.iad.liveperson cookie
04:13: [email protected][1].txt (ID = 3341)
04:13: Cookie Sweep Complete, Elapsed Time: 00:00:06
04:13: Starting File Sweep
04:39: Warning: Unhandled Archive Type
04:39: Warning: Invalid Stream
04:39: Warning: Invalid Stream
04:42: File Sweep Complete, Elapsed Time: 00:29:16
04:42: Full Sweep has completed. Elapsed time 00:36:34
04:42: Traces Found: 4
04:44: Removal process initiated
04:44: Quarantining All Traces: belnk cookie
04:44: Quarantining All Traces: ccbill cookie
04:44: Quarantining All Traces: server.iad.liveperson cookie
04:44: Removal process completed. Elapsed time 00:00:02
********
04:03: | Start of Session, 14. mars 2006 |
04:03: Spy Sweeper started
04:04: Your spyware definitions have been updated.
04:06: | End of Session, 14. mars 2006 |

Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 04:45:48, on 14.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BHR 1.1] C:\Programfiler\Zamaan's Software\Browser Hijack Retaliator\Browser Hijack Retaliator 1.1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FELLES~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I am sorry if I am asking you to run this program again but I really have no choice.

Please update your Ewido definitions and run the program in Safe Mode. Please keep the log.

Reboot your system.

Post a fresh HJT log along with your Ewido log.


Note: Please tell me which scan is telling you that you have this malware. It may help me remedy the problem quicker.

Regards,

Trevuren

Edited by Trevuren, 13 March 2006 - 09:58 PM.


#5
metaslob

  • Topic Starter
  • Member
  • 55 posts
Let's see, the program that keeps telling me I have these infections is Spybot - Search & Destroy.
But there is also a pop-up command coming every now and then that redirects me to the winfix website. The weird thing is, I tried both VundoFix and VirtumundoBeGone, and they detect nothing... :tazz:

Anyway, here is the result from the ewido search:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 06:21:24, 14.03.2006
+ Report-Checksum: A3F7E487

+ Scan result:

C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies-1.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.510:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.513:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.532:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Anne\Programdata\Mozilla\Firefox\Profiles\2e5z82m5.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup


::Report End

hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 06:38:37, on 14.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Programfiler\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BHR 1.1] C:\Programfiler\Zamaan's Software\Browser Hijack Retaliator\Browser Hijack Retaliator 1.1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonu...key/ITCDKey.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FELLES~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0
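Added example, not part of the original posts and not HijackThis's own code: a short Python triage of HijackThis entries in the format shown in the log above, grouping them by section code and marking the three kinds of entry a reviewer usually reads first. The sample lines are copied from that log. The flag names and the choice of what to flag are assumptions of this example, and a flag marks an entry to look at, not a verdict.

```python
import re
from collections import Counter

# Sample input: a few entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# What each section code in this log refers to.
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "Internet Explorer context-menu item",
    "O9": "Internet Explorer extra button / Tools menu item",
    "O16": "downloaded ActiveX control (DPF)",
    "O18": "extra protocol handler",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}

# "<code> - <body>"; process-list and header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")


def first_token(cmd):
    """Return the program part of a command line, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def flags_for(code, body):
    """Return review flags (names are this example's own) for one entry."""
    flags = []
    if body.endswith("(file missing)"):
        # The registry entry points at a file that is not on disk (an orphan).
        flags.append("file missing")
    if code == "O23" and " - Unknown owner - " in body:
        # HijackThis could not read a company name for the service binary.
        flags.append("unknown owner")
    if code == "O4":
        m = RUN_RE.match(body)
        if m and "\\" not in first_token(m.group("cmd")):
            # No directory given: Windows resolves the name via its search path.
            flags.append("bare-filename autostart")
    return flags


def parse_log(text):
    """Parse HijackThis entry lines into dicts; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entries.append({
            "code": code,
            "meaning": SECTIONS.get(code, "section not described in this example"),
            "body": body,
            "flags": flags_for(code, body),
        })
    return entries


def count_by_section(entries):
    """Number of entries per section code."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>3}  {n:2d}  {SECTIONS.get(code, '?')}")
    print()
    for e in parsed:
        if e["flags"]:
            print(f"{e['code']} [{', '.join(e['flags'])}] {e['body']}")
```
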

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I guess we had better look for a rootkit.

Download and Save Blacklight to your desktop:
  • Double-click blbeta.exe
  • Accept the agreement and click NEXT.
  • In the following window, click SCAN
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Do not proceed with step #2 or choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Regards,

Trevuren

  • 0

#7
metaslob

metaslob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
hm, it didn't detect anything

03/14/06 07:00:38 [Info]: BlackLight Engine 1.0.33 initialized
03/14/06 07:00:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/14/06 07:00:39 [Note]: 7019 4
03/14/06 07:00:39 [Note]: 7005 0
03/14/06 07:00:48 [Note]: 7006 0
03/14/06 07:00:48 [Note]: 7011 1636
03/14/06 07:00:48 [Note]: FSRAW library version 1.7.1015
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Even though the speech is the same as the ordinary Vundo, the tool is slightly different.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Regards,

Trevuren

  • 0

#9
metaslob

metaslob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
It didn't detect anything either.

I took a screenshot of the spybot results, the same problems came up after I had "cleaned" them.

Also, this pops up every now and then (it's been a while now tho), I don't know if it has any relevance or not.

Edited by metaslob, 14 March 2006 - 06:31 AM.

  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Remember to clean both Internet Explorer, and Firefox. Clean everything.


Now run Spybot


Regards,

Trevuren

  • 0


#11
metaslob

metaslob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I use Firefox, and yet it's not possible for me to click it.
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
So I guess you will have to go in and manually delete those cookies. If you have trouble figuring out which are which, delete them all.


Regards,

Trevuren

  • 0

#13
metaslob

metaslob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I've deleted every cookie in every cookie-folder I've found, but still... they show up on spybot!
  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Try to see if they are in the Spybot Recovery section? If they are, delete them. If not,

*Update your SpySweeper definitions and run SpySweeper. Please post the log

Note: Have I ever told you that I don't like Spybot. It is often quirky and sometimes picks out items that are but traces. It is a tool of last resort for me, personally.


Trevuren

Edited by Trevuren, 14 March 2006 - 02:28 PM.

  • 0

#15
metaslob

metaslob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Sorry it took so long. There wasn't anything in Spybot's recovery; this is what the Spy Sweeper search brought up:

********
00:39: | Start of Session, 18. mars 2006 |
00:39: Spy Sweeper started
00:39: Sweep initiated using definitions version 635
00:39: Starting Memory Sweep
00:45: Memory Sweep Complete, Elapsed Time: 00:05:15
00:45: Starting Registry Sweep
00:45: Registry Sweep Complete, Elapsed Time:00:00:12
00:45: Starting Cookie Sweep
00:45: Found Spy Cookie: adtech cookie
00:45: anne@adtech[2].txt (ID = 2155)
00:45: Cookie Sweep Complete, Elapsed Time: 00:00:09
00:45: Starting File Sweep
01:18: File Sweep Complete, Elapsed Time: 00:33:01
01:18: Full Sweep has completed. Elapsed time 00:38:42
01:18: Traces Found: 1
01:20: Removal process initiated
01:20: Quarantining All Traces: adtech cookie
01:20: Removal process completed. Elapsed time 00:00:02
********
  • 0





