
WinHound Has Infected My Computer [RESOLVED]


  • This topic is locked

#1
xFrenzYx

  • Member
  • 19 posts
I'm not sure how I got the thing, I just restarted my computer and it started up.

The only thing I've noticed so far is that the WinHound spyware scan program popped up and started running automatically. I closed out of it. And also my wallpaper was replaced with one of those "You're computer is Infected... Click here to view a list of top spyware removes" things.

Edited by xFrenzYx, 10 December 2005 - 06:20 PM.

  • 0



#2
xFrenzYx

  • Topic Starter
  • Member
  • 19 posts
Here's my HiJack This! Scan Results.

Logfile of HijackThis v1.99.1
Scan saved at 6:10:27 PM, on 12/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Alex\My Documents\MalwareRemoval\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alex\Application Data\Mozilla\Profiles\default\dzyayqej.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\q297687.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\q297687.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus....8/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...all_dpm1001.cab
O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokem...karClientIE.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0022.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\q297687.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#3
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
Hi xFrenzYx, and welcome to Geeks to Go.

I'm currently analyzing your log, and will post instructions to start with the clean up soon.
  • 0

#4
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

You have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

-----------------------2

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode.

-----------------------3

Please scan your system with Ad-aware:

Ad-aware SE - Download - Home Page
If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Once the definitions have been updated:

Reconfigure Ad-Aware for Full Scan as per the following instructions:
  • Launch the program, and click on the Gear at the top of the start screen.
  • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
    • "Automatically save logfile"
    • "Automatically quarantine objects prior to removal"
    • Safe Mode (always request confirmation)
    • Prompt to update outdated confirmation) - Change to 7 days.
  • Click the "Scanning" button (On the left side).
  • Under Drives & Folders, select "Scan within Archives"
  • Click "Click here to select Drives + folders" and select your installed hard drives.
  • Under Memory & Registry, select all options.
  • Click the "Advanced" button (On the left hand side).
  • Under "Shell Integration", select "Move deleted files to Recycle Bin".
  • Under "Log-file detail", select all options.
  • Click on the "Defaults" button on the left.
  • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
  • Click the "Tweak" button (Again, on the left hand side).
  • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
    • "Unload recognized processes during scanning."
    • "Obtain command line of scanned processes"
    • "Scan registry for all users instead of current user only"
  • Under "Cleaning Engine", select the following:
    • "Automatically try to unregister objects prior to deletion."
    • "During removal, unload explorer and IE if necessary"
    • "Let Windows remove files in use at next reboot."
    • "Delete quarantined objects after restoring"
  • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
  • Click on "Proceed" to save these Preferences.
  • Click on the "Scan Now" button on the left.
  • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
Close all programs except Ad-Aware.
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.

-----------------------4

Now please delete this file using Microsoft explorer (if present):
To run Microsoft explorer please go to Start -> Run -> type in explorer -> click on OK button

C:\WINDOWS\adsldpbe.dll


-----------------------5

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: C:\WINDOWS\q297687.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\q297687.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus....8/installer.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0022.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\q297687.dll (file missing)


Now close all windows and browsers other than HiJackThis, then click Fix Checked.
Close HijackThis.

-----------------------6

Download and install CleanUp! Here

Now open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

-----------------------7

Now please follow these instructions:
  • Run this online virus scan: ActiveScan
  • Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the entire contents of the log.txt file in the aproposfix folder.

  • 0

#5
xFrenzYx

  • Topic Starter
  • Member
  • 19 posts
First I would like to say thanks for the help, but I'm experiencing a problem. Whenever I try to run "ActiveScan", it starts off fine, but once it gets to my Adobe Photoshop 7.0, it freezes. I'm not sure if it's frozen or it's just supposed to take like 20 minutes and I'm not patient enough, but I'd like to know. Thanks.
  • 0

#6
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts

First I would like to say thanks for the help, but I'm experiencing a problem. Whenever I try to run "ActiveScan", it starts off fine, but once it gets to my Adobe Photoshop 7.0, it freezes. I'm not sure if it's frozen or it's just supposed to take like 20 minutes and I'm not patient enough, but I'd like to know. Thanks.


Please be patient and let it finish. It can last for more than 20 min., so please don't do anything while it's scanning. If this doesn't work please let me know so I will give you another scanner.
  • 0

#7
xFrenzYx

  • Topic Starter
  • Member
  • 19 posts
Ok, I've done everything you told me to, except for the part where I was supposed to delete C:\WINDOWS\adsldpbe.dll. There was no file there with that name. Here are my other logs.

Aproposfix-

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Alex\Desktop\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
-------------------------------------------------------
HiJackThis!

Logfile of HijackThis v1.99.1
Scan saved at 4:06:46 PM, on 12/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alex\My Documents\MalwareRemoval\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alex\Application Data\Mozilla\Profiles\default\dzyayqej.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...all_dpm1001.cab
O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokem...karClientIE.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

---------------------------------------------------------------------------
Activescan


Incident Status Location

Dialer:dialer.vz Not disinfected C:\WINDOWS\SYSTEM32\defaulttxt.dat
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\fiz1
Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM32\ptainfo1.ico
Adware:adware/miamore Not disinfected C:\WINDOWS\SYSTEM32\st3.dll
Adware:adware/wupd Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.inf
Adware:adware/elitebar Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\OSD149F.OSD
Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sporder_.dll
Adware:adware/popmonster Not disinfected C:\Documents and Settings\Alex\Favorites\INTERNET TOOLS\Internet Privacy Software.url
Adware:adware/psguard Not disinfected C:\WINDOWS\warnhp.html
Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\SysAI
Adware:adware/delfinmedia Not disinfected C:\WINDOWS\SYSTEM32\pcs
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Alex\Application Data\Lycos
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[Installer.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-44d45e98.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1396e62a.zip[InstallerApplet.class]
Virus:VBS/Psyme.X Not disinfected C:\hardmansp.chm[1.htm]
Adware:Adware/CWS.Aboutblank Not disinfected C:\hardmansp.chm[on-line.exe]
Adware:Adware/WinHound Not disinfected C:\Program Files\WinHound\WinHound.exe
Adware:Adware/WinHound Not disinfected C:\Program Files\WinHound\WL.dll
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.inf
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS1402.exe
Virus:Trojan Horse Not disinfected C:\WINDOWS\Downloaded Program Files\mm19.INF
Adware:Adware/MyDailyHoroscopeNot disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Adware:Adware/Miamore Not disinfected C:\WINDOWS\q387546.dll
Adware:Adware/Miamore Not disinfected C:\WINDOWS\q462765.dll
Adware:Adware/Miamore Not disinfected C:\WINDOWS\system32\st3.dll

Hope I did things right! Thanks!
  • 0

#8
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

You have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

-----------------------2

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Now download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
Ewido Download link

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho...all_dpm1001.cab

Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

-----------------------3

Now please remove these programs from "Add/Remove programs" (if present):
To run Add/Remove programs please go to Start -> "Control Panel" -> "Add/Remove programs"

ShopAtHomeSelect Agent
WinHound
SysAI
ISTBar


-----------------------4

OK, now please follow these instructions:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\defaulttxt.dat
    C:\WINDOWS\SYSTEM32\fiz1
    C:\WINDOWS\SYSTEM32\ptainfo1.ico
    C:\WINDOWS\SYSTEM32\st3.dll
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.inf
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\OSD149F.OSD
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\sporder_.dll
    C:\Documents and Settings\Alex\Favorites\INTERNET TOOLS\Internet Privacy Software.url
    C:\WINDOWS\warnhp.html
    C:\PROGRAM FILES\SysAI
    C:\WINDOWS\SYSTEM32\pcs
    C:\Documents and Settings\Alex\Application Data\Lycos
    C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip
    C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-44d45e98.zip
    C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-1396e62a.zip
    C:\hardmansp.chm
    C:\Program Files\WinHound\
    C:\WINDOWS\Downloaded Program Files\ActiveX.inf
    C:\WINDOWS\Downloaded Program Files\gdnUS1402.exe
    C:\WINDOWS\Downloaded Program Files\mm19.INF
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\q387546.dll
    C:\WINDOWS\q462765.dll
    C:\WINDOWS\system32\st3.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

-----------------------5

Now please follow these instructions:
  • Generate uninstall list
  • Reopen HijackThis
  • Click on Config
  • Go to Misc Tools
  • Click the Open Uninstall Manager button
  • Click on Save list... and save it on Desktop
  • Generate startup list
  • Go to Misc Tools
  • Check the List also minor sections (full) checkbox
  • Click the Generate StartupList log button
  • Copy all the text and post it here along with the Uninstall list..
  • Close HijackThis..
Run this online virus scan: ActiveScan

Post the contents of the ActiveScan report, along with a new HijackThis Log, the contents of smitfiles.txt, the Ewido Log and both Uninstall List and StartUp List by using Add Reply.
Let us know if any problems persist.
  • 0
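The Killbox list in step 4 is the ActiveScan report reduced to one path per file, and the follow-up ActiveScan later in this thread shows what that pass left behind. As an added example (not part of the original posts or of any tool named here), the Python below does both over lines excerpted from the thread's two reports; the function names and the gone / persisting / killbox_backup / new labels are assumptions of the example, only the "Not disinfected" status seen on the page is parsed, and `C:\!KillBox\` is treated as Killbox's backup folder because that is where the second report finds the deleted files.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name location member")

# "Kind:Name Not disinfected Location"; \s* tolerates the report line where the
# name column runs straight into the status ("...MyDailyHoroscopeNot disinfected").
LINE_RE = re.compile(r"^(\w+):(.+?)\s*Not disinfected\s+(.+)$")
# A detection inside a container is reported as "container[member]".
ARCHIVE_RE = re.compile(r"^(.+?)\[([^\]]+)\]$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
KILLBOX_DIR = "c:\\!killbox\\"  # compared lower-case

# Lines excerpted from the first ActiveScan report in this thread.
FIRST_SCAN = r"""
Dialer:dialer.vz Not disinfected C:\WINDOWS\SYSTEM32\defaulttxt.dat
Adware:adware/miamore Not disinfected C:\WINDOWS\SYSTEM32\st3.dll
Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\SysAI
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-52d9fa17-22ac81fb.zip[Installer.class]
Virus:VBS/Psyme.X Not disinfected C:\hardmansp.chm[1.htm]
Adware:Adware/MyDailyHoroscopeNot disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Adware:Adware/Miamore Not disinfected C:\WINDOWS\system32\st3.dll
"""

# Lines excerpted from the follow-up ActiveScan report in this thread.
SECOND_SCAN = r"""
Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\SysAI
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Virus:VBS/Psyme.X Not disinfected C:\!KillBox\hardmansp.chm[1.htm]
Virus:Exploit/ByteVerify Not disinfected C:\!KillBox\ie0502b.jar-52d9fa17-22ac81fb.zip[GetAccess.class]
Adware:Adware/MyDailyHoroscopeNot disinfected C:\!KillBox\setup.inf
Dialer:dialer.vz Not disinfected C:\WINDOWS\SYSTEM32\html.dat
"""


def parse_report(text):
    """Turn report lines into Finding tuples; unrecognised lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, name, location = m.groups()
        member = None
        inner = ARCHIVE_RE.match(location)
        if inner:  # keep the container path, remember the member separately
            location, member = inner.groups()
        findings.append(Finding(kind, name.strip(), location, member))
    return findings


def _unique(locations):
    """Order-preserving de-duplication; Windows paths compare case-insensitively."""
    seen, out = set(), []
    for loc in locations:
        if loc.lower() not in seen:
            seen.add(loc.lower())
            out.append(loc)
    return out


def removal_targets(findings):
    """Return (file paths to list once each, locations that are not files)."""
    locs = _unique(f.location for f in findings)
    files = [loc for loc in locs if DRIVE_RE.match(loc)]
    skipped = [loc for loc in locs if not DRIVE_RE.match(loc)]
    return files, skipped


def triage_followup(before, after):
    """Compare two parsed reports by location."""
    before_locs = _unique(f.location for f in before)
    after_locs = _unique(f.location for f in after)
    before_keys = {loc.lower() for loc in before_locs}
    after_keys = {loc.lower() for loc in after_locs}
    result = {"gone": [], "persisting": [], "killbox_backup": [], "new": []}
    for loc in before_locs:
        if loc.lower() not in after_keys:
            result["gone"].append(loc)
    for loc in after_locs:
        if loc.lower().startswith(KILLBOX_DIR):
            result["killbox_backup"].append(loc)  # copy kept by Killbox
        elif loc.lower() in before_keys:
            result["persisting"].append(loc)      # same place as before
        else:
            result["new"].append(loc)             # not seen in the first scan
    return result


if __name__ == "__main__":
    first, second = parse_report(FIRST_SCAN), parse_report(SECOND_SCAN)
    files, skipped = removal_targets(first)
    print("Paths to list once each:", *files, sep="\n  ")
    print("Not a file, needs another fix:", skipped)
    for label, locs in triage_followup(first, second).items():
        print(label, *locs, sep="\n  ")
```

Detections filed under killbox_backup are copies of files that were already removed from their original location; the persisting and new entries are the ones that still need attention.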

#9
xFrenzYx

    Member

  • Topic Starter
  • Member
  • 19 posts
Before I started the ActiveScan I wanted to say some things that I have no idea if they matter or not.

1. The CWshredder said I didn't have a CoolWebSearch Virus and I believe that's what you said I had.

2. After rebooting the computer into Safe Mode for the 2nd time, I didn't know when to reboot it back into regular Windows, so I did when it restarted with Killbox.

3. And finally, none of those things were on my "Add Or Remove Programs" and the Security Info wasn't present on my Customize Desktop options.

EDIT:::

Ok About the Security Thing.. It wasn't the Security Info but a "Warning Homepage" That I had to remove.. So I got my regular desktop back. The only thing now is that the WinHound is still there.

EDIT2:::

Hehe, now that I'm in regular mode, I found WinHound on my list of programs; however, the other three are still not there. I need to run ActiveScan and get those other things pasted. I'll let you know if I have any more problems! Thanks!

Edited by xFrenzYx, 18 December 2005 - 02:32 PM.

  • 0

#10
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts

"The CWshredder said I didn't have a CoolWebSearch Virus and I believe that's what you said I had."


It's OK, I just wanted to be sure that there are no parts left from this infection..

"After rebooting the computer into Safe Mode for the 2nd time, I didn't know when to reboot it back into regular Windows, so I did when it restarted with Killbox."


You are correct..

"Hehe, now that I'm in regular mode, I found WinHound on my list of programs"


You are a smart one :tazz: ..

Edited by Antartic-Boy, 18 December 2005 - 04:09 PM.

  • 0

#11
xFrenzYx

    Member

  • Topic Starter
  • Member
  • 19 posts
ActiveScan:


Incident Status Location

Dialer:dialer.vz Not disinfected C:\WINDOWS\SYSTEM32\html.dat
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:adware/popmonster Not disinfected C:\Documents and Settings\Alex\Favorites\INTERNET TOOLS\Online Virus Scan.url
Spyware:spyware/apropos Not disinfected C:\PROGRAM FILES\SysAI
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Alex\Application Data\Lycos
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:Adware/WUpd Not disinfected C:\!KillBox\ActiveX.inf
Virus:VBS/Psyme.X Not disinfected C:\!KillBox\hardmansp.chm[1.htm]
Adware:Adware/CWS.Aboutblank Not disinfected C:\!KillBox\hardmansp.chm[on-line.exe]
Virus:Exploit/ByteVerify Not disinfected C:\!KillBox\ie0502b.jar-52d9fa17-22ac81fb.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\!KillBox\ie0502b.jar-52d9fa17-22ac81fb.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\!KillBox\ie0502b.jar-52d9fa17-22ac81fb.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\!KillBox\ie0502b.jar-52d9fa17-22ac81fb.zip[Installer.class]
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\javainstaller.jar-3c936701-44d45e98.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\javainstaller.jar-5aa0b436-1396e62a.zip[InstallerApplet.class]
Virus:Trojan Horse Not disinfected C:\!KillBox\mm19.INF
Adware:Adware/MyDailyHoroscopeNot disinfected C:\!KillBox\setup.inf
_____________________________________________________

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:11:00 PM, on 12/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\My Documents\MalwareRemoval\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alex\Application Data\Mozilla\Profiles\default\dzyayqej.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokem...karClientIE.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
______________________________________________________

Ewido Log

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:59:15 PM, 12/18/2005
+ Report-Checksum: B4FB4FC4

+ Scan result:

:mozilla.6:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\2mdm7wp5.Alex\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\2mdm7wp5.Alex\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\2mdm7wp5.Alex\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adtrak : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.744:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.787:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.852:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.853:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\oa7lob58.default\cookies.txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Cleaned with backup
C:\Program Files\WinHound\CWrapper.dll -> Adware.PSGuard : Cleaned with backup
C:\Program Files\WinHound\WinHound.exe -> Adware.PSGuard : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS1402.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\q387546.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q462765.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup


::Report End
___________________________________________________

Edited by xFrenzYx, 19 December 2005 - 05:15 PM.


#12
xFrenzYx
Startup List:

StartupList report, 12/18/2005, 2:13:27 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Alex\My Documents\MalwareRemoval\hjt\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Alex\My Documents\MalwareRemoval\hjt\HijackThis.exe
C:\WINDOWS\System32\notepad.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /installquiet
ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Lexmark X1100 Series = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
HostManager = C:\Program Files\Common Files\AOL\1133405433\ee\AOLSoftware.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Steam = "c:\program files\valve\steam\steam.exe" -silent
Aim6 =

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Registration reminder 1.job
Symantec NetDetect.job
XoftSpy.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by16fd.bay16....es/MsnPUpld.cab

[karCntrlIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\karClientIE.ocx
CODEBASE = http://karaoke.cokem...karClientIE.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[YahooYMailTo Class]
CODEBASE = http://us.dl1.yimg.c.../ymmapi_416.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
ASP.NET Admin Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Proxy Service: "C:\Program Files\Norton Internet Security\ccPxySvc.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
Crypkey License: crypserv.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
Norton Internet Security Accounts Manager: "C:\Program Files\Norton Internet Security\NISUM.EXE" (autostart)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 13,535 bytes
Report generated in 0.641 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
______________________________________________________________________--

Uninstall List:

ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0
Agere Systems AC'97 Modem
AOL Instant Messenger
AOL Setup
AOL Uninstaller (Choose which Products to Remove)
AT&T Worldnet Setup
ATI Control Panel
CC_ccStart
ccCommon
CleanUp!
Decal Converter
DivX
DivX Player
Drag'n Drop CD+DVD
DVgate Plus
EarthLink Setup
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 3
Lexmark X1100 Series
LimeWire PRO 4.9.37
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Shockwave Player
Memory Stick Formatter
Microsoft .NET Framework 2.0 Beta
Microsoft AntiSpyware
Microsoft Learning and Research Plus Support Files
Microsoft Picture It! Express 7.0
Microsoft Works 7.0
Mozilla Firefox (1.0.4)
MSN Internet Software
MSN Messenger 7.0
MSRedist
Music Visualizer Library 1.4.00
Netscape (7.02)
NoAdware v3.0
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 4.1-05-14-24-01
OpenMG Secure Module 4.1.00
Outlook Express Update Q330994
Panda ActiveScan
Pocket RAR documentation
PowerDVD
Quicken 2003 New User Edition
QuickTime
Shockwave
ShortKeys Lite
SonicStage 3.1
Sony Certificate PCH
Sony on Yahoo! Essentials
Sony Video Shared Library
Spybot - Search & Destroy 1.4
Steam
Steam™
SurferNETWORK Player
SWiSH v2.0
Symantec Script Blocking Installer
SymNet
The Omega Syndrome 1.99
Turbo Tax Offer
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
Ventrilo Client
Viewpoint Media Player
Welcome to VAIO life
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887811
Windows XP Hotfix - KB889293
WinHound spyware remover
WinMX
WinRAR archiver
Xfire (remove only)
Yahoo! Address AutoComplete
Yahoo! Internet Mail
Yahoo! Messenger

Ok that should be all of it. :-)

#13
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

Now please remove these programs from "Add/Remove programs" (if present):
To run Add/Remove programs please go to Start -> "Control Panel" -> "Add/Remove programs"

NoAdware v3.0
WinHound spyware remover


Now please delete these files & folders using Microsoft explorer (if present):
To run Microsoft explorer please go to Start -> Run -> type in explorer -> click on OK button

C:\WINDOWS\SYSTEM32\html.dat
C:\WINDOWS\SYSTEM32\kyf.dat
C:\PROGRAM FILES\SysAI\
C:\Documents and Settings\Alex\Application Data\Lycos\
C:\!KillBox\


-----------------------2

Now open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

----------------------->

OK, now let's get the latest updates for your OS:

Start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


Great job, it appears your logfile is clean :tazz:.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#14
xFrenzYx

  • Topic Starter
  • Member
  • 19 posts
Thanks dude! I think I got it all! I'll tell you if I have any more problems but I don't think I should! I'm Very Grateful!! Happy Holidays! Thanks so much!

#15
therock247uk

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





