winfixer [RESOLVED]


  • This topic is locked

#16
lovethepirk

    Visiting Staff

  • Member
  • 528 posts
No, that is not the log we are looking for. Let's keep trying.

Double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here.

***if the log tries to open in Adobe just close it...
Then go into the folder where you have HiJackThis.exe saved and right-click on "HiJackThis.log" and go to Open With > Choose Program. When the window opens, click to highlight Notepad, then put a check next to "Always Use Selected Program to open this kind of file". Click OK.
Then copy and paste the log for me.

Edited by lovethepirk, 01 April 2006 - 03:15 PM.

  • 0


#17
sus

    Member

  • Topic Starter
  • Member
  • 15 posts
I think I got it!!!

Logfile of HijackThis v1.99.1
Scan saved at 05:39:21 PM, on 04/02/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f317.mail....d=9ked8mfvpsd79
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.arcadetow...mjolauncher.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...n9x/AvSniff.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37680.cab

:whistling:
  • 0

#18
lovethepirk

    Visiting Staff

  • Member
  • 528 posts
Nice work :whistling:

Your log looks clean, let's just free up several programs that do not need to be loaded every time the computer reboots and then run a virus scan online.

Scan with HijackThis again and place a check next to these items:

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Close all other windows except HijackThis, and hit Fix Checked

Please run the Panda scan here:
http://www.pandasoft.../activescan.htm
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter some of your personal information
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the Panda scan for me :blink:

Thanks,

LTP
  • 0

#19
sus

    Member

  • Topic Starter
  • Member
  • 15 posts
Here is the Panda scan. I noticed that all the adware is from care2. I have email there and I also did the greenthumb thing they have so I can send their cards. Do I need to get rid of both of them? How bad is their "snooping"? I will be glad to get rid of it if you say so.

Another thing, are these cookies that I get all the time? Do they go away when I delete the cookies and temp things?
Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM\khffe.dll
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\susan d richardson@questionmarket[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\susan d richardson@2o7[2].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\susan d richardson@com[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\susan d richardson@statcounter[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\susan d richardson@serving-sys[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\susan d richardson@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\susan d richardson@revenue[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\susan d richardson@realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\susan d richardson@2o7[1].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\susan d richardson@revenue[3].txt
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\c.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ce.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bl.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bo.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\r.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\d.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\f.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\l.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\m.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\n.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\w.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\x.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\y.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\be.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bf.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\br.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ch.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\by.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ca.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cj.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cd.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cn.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ci.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ck.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\co.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cr.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ct.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\da.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\db.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\de.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dv.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\df.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\di.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dm.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dy.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ds.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dt.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ed.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\h.class
  • 0

#20
lovethepirk

    Visiting Staff

  • Member
  • 528 posts
Yes, those cookies will go away when you flush them out.

Try this...clean out temporary files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin


That Care2GTU program is okay. All the files that were found from the Care program are false positives. I was initially mistaken but one of our experts confirmed that they are not malicious at all :whistling:

1) Please download the Killbox.
Unzip it to the desktop and run it.

2) Select "Delete on Reboot".
3) Then Click the "Single File" button.

4) Copy the file names below to the clipboard by highlighting everything inside the quote box and then pressing Control-C:

C:\WINDOWS\SYSTEM\khffe.dll


5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.

After the reboot run the panda scan again from my above instructions in the last post.

Post the log for me because I want to make sure we got that one nasty file.

Regards,

LTP

Edited by lovethepirk, 03 April 2006 - 06:36 PM.

  • 0

#21
sus

    Member

  • Topic Starter
  • Member
  • 15 posts
Here is Panda II

I noticed a cookie from real media. I deleted the real player---how am I getting cookies?


Incident Status Location

Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\susan d richardson@questionmarket[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\susan d richardson@2o7[2].txt
Spyware:Cookie/Falkag Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\susan d richardson@com[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\susan d richardson@statcounter[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\susan d richardson@serving-sys[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\susan d [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\susan d richardson@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\susan d richardson@revenue[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\susan d richardson@realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\susan d richardson@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\susan d [email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\susan d richardson@revenue[3].txt
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\c.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ce.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bl.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bo.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\r.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\d.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\f.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\l.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\m.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\n.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\w.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\x.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\y.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\be.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bf.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\bp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\br.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ch.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\by.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ca.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cj.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cd.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cn.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ci.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ck.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\co.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\cp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cr.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ct.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\da.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\cz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\db.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\de.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dv.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\df.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\di.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dm.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dy.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ds.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\dt.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\dz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\ed.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\h.class
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khffe.dll

Edited by sus, 04 April 2006 - 10:52 AM.

  • 0
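The two Panda reports posted in this thread can be triaged mechanically; the following is an added example, not part of the original posts or of any tool named in them. It parses the `Incident Status Location` lines, sets aside findings under directories a reviewer has already cleared, and reports detections that reappear under a different path in the later scan. The sample lines are constructed in the thread's format with a placeholder user name, and the function names and `REVIEWED_DIRS` list are assumptions.

```python
import ntpath
import re
from collections import Counter

# One finding per line: "<Category>:<Detection> <Status> <Path>", the layout of
# the reports posted in this thread. The status is whatever sits between the
# detection name and the drive letter, so no status vocabulary is assumed.
LINE = re.compile(
    r"^(?P<category>\w+):(?P<name>\S+)\s+(?P<status>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# Constructed sample reports (shortened, placeholder user name "user").
BEFORE = r"""Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM\khffe.dll
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\user@2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\user@realmedia[1].txt
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\c.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ce.class
"""

AFTER = r"""Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\user@2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\user@realmedia[1].txt
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\bg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\Care2GTU\System\Code\c.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\Care2GTU\System\Code\ce.class
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khffe.dll
"""

# Assumption: directories a human reviewer has already decided about
# (cookie store, and an application judged to be a false positive).
REVIEWED_DIRS = [r"C:\WINDOWS\Cookies", r"C:\Program Files\Care2GTU"]


def parse_report(text):
    """Return one dict per finding line; header and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def summarize(findings):
    """Count findings per (detection name, upper-cased directory)."""
    return Counter(
        (f["name"], ntpath.dirname(f["path"]).upper()) for f in findings
    )


def needs_review(findings, reviewed_dirs):
    """Findings whose path is not under any already-reviewed directory."""
    prefixes = tuple(d.rstrip("\\").upper() + "\\" for d in reviewed_dirs)
    return [f for f in findings if not f["path"].upper().startswith(prefixes)]


def relocated(before, after):
    """Detections present in both scans under the same file name but a new path.

    A hit means the flagged file still exists on disk; it was moved, not removed.
    """
    still_there = {f["path"].upper() for f in after}
    old = {
        (f["name"], ntpath.basename(f["path"]).upper()): f["path"] for f in before
    }
    moves = []
    for f in after:
        prev = old.get((f["name"], ntpath.basename(f["path"]).upper()))
        if prev and prev.upper() != f["path"].upper() and prev.upper() not in still_there:
            moves.append((f["name"], prev, f["path"]))
    return moves


if __name__ == "__main__":
    first, second = parse_report(BEFORE), parse_report(AFTER)
    for (name, directory), count in summarize(second).most_common():
        print(f"{count:3d}  {name:22s} {directory}")
    for f in needs_review(second, REVIEWED_DIRS):
        print("review:", f["name"], f["path"])
    for name, old_path, new_path in relocated(first, second):
        print("relocated:", name, old_path, "->", new_path)
```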

#22
lovethepirk

    Visiting Staff

  • Member
  • 528 posts
Those cookies are not really hurting you. Delete them like this:

*In Control Panel , double-click Internet Options.
*On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
*Click OK.

RealMedia is different than Real Player in case that makes a difference to you.

Post one last HJT log for me and I can send you off with some ending protectionary programs to help safeguard you from any problems in the future.

You look good now :whistling:

LTP
  • 0

#23
sus

    Member

  • Topic Starter
  • Member
  • 15 posts
Ahhh! I finally got it right. I forgot how to do it (even though I reread your directions!!!) so I saved it, opened notepad and dragged it there.


Logfile of HijackThis v1.99.1
Scan saved at 08:24:03 PM, on 04/07/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\TOOLS\LIVEUPDATE\LIVEUPDATE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f317.mail....d=9ked8mfvpsd79
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.arcadetow...mjolauncher.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...n9x/AvSniff.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

#24
lovethepirk

sus,

You look good, just a minor thing we need to fix...

Scan with HijackThis again and place a check next to these items:

O4 - Startup: PowerReg Scheduler V3.exe

Close all other windows except HijackThis, and hit Fix Checked.

This is my "Ending Protection" post. Now that you appear to be clean it is important to tighten up your defenses. Take a look at these programs for some more protection.
You should only run one Antivirus and Firewall at a time though.
Prevention is the most important part of my job.

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:
  • Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupd...t.aspx?ln=en-us
    http://www.microsoft.../ie/default.asp
  • Run your antivirus software regularly, and keep its definitions up-to-date.
  • In addition to using Ad-aware, consider using another free malware scanning/removal program:
    Adaware SE: http://www.download....ubj=dl&tag=top5
    Spybot S&D: http://www.download....tml?tag=lst-0-1
    MS Antispyware beta: http://www.microsoft...re/default.mspx

  • Consider using an alternate free browser for general web surfing, but you must use IE for Windows Update.
    Mozilla Firefox: http://www.mozilla.o...oducts/firefox/
    Opera: http://www.opera.com/
  • Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacools...ywareguard.html
    SpywareBlaster will increase browser protection by blocking hundreds of known malware sites by adding them to IE's restricted sites zone. Download it here: http://www.javacools...areblaster.html

    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE's restricted sites zone. Go to this site for the current list and how-to-use instructions: http://customblockinglist.cjb.net/

    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    http://www.spywarewa...uc/resource.htm
    The simplest way to install IE-SPYAD is to use the installation batch file utility (INSTALL.BAT), which you can find in the main IE-SPYAD directory after you extract IE-SPYAD's files from the .ZIP or .EXE file you downloaded. Simply double-click on INSTALL.BAT to run the installation utility and follow the prompts.


    *Remember, just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis.

Regards,

LTP
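
The O4 lines in the HijackThis log above are autostart entries, which is the section the fix in this post targets. As an added example (not part of the original posts and not HijackThis code), this Python sketch parses O4 lines into location, name and target and attaches neutral review notes; the function names `parse_autostarts` and `review_notes` are hypothetical, and the sample lines are a subset copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
'''

REG_RUN = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$')
STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+)$')
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|dll))\b', re.I)

def parse_autostarts(log_text):
    """Return one dict per O4 (autostart) line; every other section is skipped."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        reg, st = REG_RUN.match(line), STARTUP.match(line)
        if reg:
            hive, key, name, cmd = reg.groups()
            exe = EXE.match(cmd)  # strip quotes and trailing arguments
            entries.append({'source': 'registry', 'location': hive + '\\' + key,
                            'name': name,
                            'target': (exe.group(1) or exe.group(2)) if exe else cmd})
        elif st:
            entries.append({'source': 'startup-folder', 'location': st.group(1),
                            'name': st.group(2), 'target': st.group(2)})
    return entries

def review_notes(entry):
    """Neutral observations that tell a reviewer what to look up; not verdicts."""
    notes = []
    if entry['source'] == 'startup-folder':
        notes.append('Startup folder item: the log shows only the file name')
    elif '\\' not in entry['target']:
        notes.append('no directory given: Windows resolves it through the search path')
    if re.search(r'~\d', entry['target']):
        notes.append('8.3 short path: the long folder name is not visible')
    return notes

if __name__ == '__main__':
    for e in parse_autostarts(SAMPLE_LOG):
        print(e['location'], '|', e['name'], '|', e['target'], '|', '; '.join(review_notes(e)))
```

The notes only point at what to inspect on disk or in the registry; whether an entry should be fixed is still a judgment for the person reviewing the log.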

#25
sus

Thank you so much. :whistling:

Sus

#26
lovethepirk

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.