07-08-2005, 02:07 PM   #3
trainerma
Member
 
Join Date: Jul 2005
Posts: 22
OS: xp


OK...I did what you said and now I have a white screen and I cannot go to my display options. The good news is that the virus is no longer attached to my wininet.dll file...Thanks for that...what can I do to fix my desktop???
You guys are awesome...thanks...
Here are my logs...
Logfile of HijackThis v1.99.1
Scan saved at 137 PM, on 7/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocsv.dll/blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:31:13 PM, 7/8/2005
+ Report-Checksum: DB25F73

+ Scan result:

C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-4e340213-457b0654.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@hekate.porntrack[1].txt -> Spyware.Cookie.Porntrack : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\temp.fr5D4E\mybar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Internet Explorer\ggntcrid.exe -> TrojanDownloader.Agent.eq : Cleaned with backup
C:\Program Files\Online Services\AOL90US\comps\coach\aolcinst.exe/.\Data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\RECYCLER\NPROTECT\00186920.exe -> TrojanDownloader.Small.bbc : Cleaned with backup
C:\RECYCLER\NPROTECT\00187467.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00187470.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00187471.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00187473.TXT -> Spyware.Cookie.Adtech : Cleaned with backup
C:\RECYCLER\NPROTECT\00187474.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00187476.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00187477.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00187478.TXT -> Spyware.Cookie.Bfast : Cleaned with backup
C:\RECYCLER\NPROTECT\00187479.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\NPROTECT\00187481.TXT -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\NPROTECT\00187484.TXT -> Spyware.Cookie.Centrport : Cleaned with backup
C:\RECYCLER\NPROTECT\00187492.TXT -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\NPROTECT\00187494.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187495.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187496.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187497.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187498.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187499.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187500.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187501.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187502.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187503.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187504.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187505.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187506.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187507.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187508.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187509.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187511.TXT -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\NPROTECT\00187512.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187513.TXT -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00187514.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187515.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187516.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187518.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187521.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187522.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187523.TXT -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\RECYCLER\NPROTECT\00187524.TXT -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\NPROTECT\00187528.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\NPROTECT\00187529.TXT -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\NPROTECT\00187530.TXT -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00187531.TXT -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\NPROTECT\00187533.TXT -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00187536.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00187538.TXT -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\NPROTECT\00187539.TXT -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\RECYCLER\NPROTECT\00187540.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187541.TXT -> Spyware.Cookie.Spylog : Cleaned with backup
C:\RECYCLER\NPROTECT\00187543.TXT -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\RECYCLER\NPROTECT\00187544.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\RECYCLER\NPROTECT\00187545.TXT -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\NPROTECT\00187546.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00187547.TXT -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00187548.TXT -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187549.TXT -> Spyware.Cookie.Weborama : Cleaned with backup
C:\RECYCLER\NPROTECT\00187552.TXT -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00187553.TXT -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\RECYCLER\NPROTECT\00187554.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00187557.TXT -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00187560.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00187561.TXT -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\NPROTECT\00187563.TXT -> Spyware.Cookie.Adtech : Cleaned with backup
C:\RECYCLER\NPROTECT\00187564.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00187566.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00187567.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00187568.TXT -> Spyware.Cookie.Bfast : Cleaned with backup
C:\RECYCLER\NPROTECT\00187569.TXT -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\NPROTECT\00187571.TXT -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\NPROTECT\00187574.TXT -> Spyware.Cookie.Centrport : Cleaned with backup
C:\RECYCLER\NPROTECT\00187582.TXT -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\RECYCLER\NPROTECT\00187584.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187585.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187586.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187587.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187588.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187589.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187590.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187591.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187592.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187593.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187594.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187595.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187596.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187597.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187598.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187599.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187601.TXT -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\NPROTECT\00187602.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187603.TXT -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\NPROTECT\00187604.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187605.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187606.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187608.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187611.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187612.TXT -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00187613.TXT -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\RECYCLER\NPROTECT\00187614.TXT -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\NPROTECT\00187618.TXT -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\NPROTECT\00187619.TXT -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\NPROTECT\00187620.TXT -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00187621.TXT -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\NPROTECT\00187623.TXT -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00187626.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00187628.TXT -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\NPROTECT\00187629.TXT -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\RECYCLER\NPROTECT\00187630.TXT -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\NPROTECT\00187631.TXT -> Spyware.Cookie.Spylog : Cleaned with backup
C:\RECYCLER\NPROTECT\00187633.TXT -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\RECYCLER\NPROTECT\00187634.TXT -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\RECYCLER\NPROTECT\00187635.TXT -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\NPROTECT\00187636.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00187637.TXT -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00187638.TXT -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00187639.TXT -> Spyware.Cookie.Weborama : Cleaned with backup
C:\RECYCLER\NPROTECT\00187642.TXT -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00187643.TXT -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\RECYCLER\NPROTECT\00187644.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\AIJLFJH.ini:jejzc -> TrojanDownloader.Agent.db : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx -> Not-A-Virus.VirTool.Collector : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wladesk99x.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ggntcrid.exe -> TrojanDownloader.Agent.eq : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\wladesk99x.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\gds5.dll -> TrojanDownloader.Small.azf : Cleaned with backup
C:\WINDOWS\ieyb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KPAPI32.DLL:anaci -> TrojanDownloader.Agent.db : Cleaned with backup
C:\WINDOWS\mdm.ini:wizbs -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\rblky.sys:merif -> TrojanDownloader.Agent.db : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hekate.porntrack[1].txt -> Spyware.Cookie.Porntrack : Cleaned with backup


::Report End

Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cdmxtras
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\SearchUpgrader
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\wupdsnff.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvm*.dll
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.???
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Spyware:Spyware/RXToolbar No disinfected C:\Program Files\RXToolBar
Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Default User\Local Settings\Temp\obie.exe
Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ODAVG5YR\dd[1].exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg
Adware:Adware/TopSpyware No disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.ini
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\wupdsnff.exe