Tech Support Forum - View Single Post - Multiple pop-ups on multiple user system

stretched · 01-10-2006, 06:32 PM

alright I could not run Hijack this in user mode, only safe mode, McAfee still thinks its a virus.

Here are the logs, and I'll wait for a response before doing anything else.

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\456\Cookies\456@ad.yieldmanager[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\456\Cookies\456@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\456\Cookies\456@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\456\Cookies\456@burstnet[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\456\Cookies\456@dist.belnk[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\456\Cookies\456@www.burstbeacon[1].txt
Adware:Adware/FCHelp Not disinfected C:\Documents and Settings\456\Local Settings\Temp\fcHelp.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@2o7[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@64.62.232[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@abetterinternet[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ads.pointroll[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ath.belnk[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@belnk[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@btg.btgrab[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@burstnet[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@c.enhance[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@centrport[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@clickbank[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@cliks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@doubleclick[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@kount[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@mediaplex[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@offeroptimizer[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@questionmarket[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@searchportal.information[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@spywarestormer[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@www.burstbeacon[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@xiti[1].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Faizah\Local Settings\Temp\ExtractDLL.dll
Virus:Trj/Imiserv.D Disinfected C:\Documents and Settings\Faizah\Local Settings\Temp\wupdt.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@belnk[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Guest\Cookies\guest@btg.btgrab[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Guest\Cookies\guest@cliks[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[1].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ilead.itrack[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Guest\Cookies\guest@offeroptimizer[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Guest\Cookies\guest@stats1.reliablestats[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Guest\Cookies\guest@winfixer[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@2o7[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@abetterinternet[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@adrevolver[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@advertising[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ath.belnk[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@belnk[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@btg.btgrab[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@casalemedia[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@cliks[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@go[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@offeroptimizer[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@searchportal.information[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@stats1.reliablestats[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@valueclick[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@xiti[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@2o7[2].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@abetterinternet[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@ask[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@btg.btgrab[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@centrport[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@cliks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@com[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@offeroptimizer[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@tribalfusion[1].txt
Dialer:Dialer.DNS Not disinfected C:\Documents and Settings\Mommy\Local Settings\Temp\temp.frDA4A
Virus:Trj/LowZones.AA Disinfected C:\fdj.exe
Adware:Adware/EnhSrch Not disinfected C:\HJT\backups\backup-20060110-014730-776.dll
Adware:Adware/ActivShopper Not disinfected C:\HJT\backups\backup-20060110-014730-824.dll
Dialer:Dialer.B Not disinfected C:\HJT\backups\backup-20060110-014733-325.dll
Adware:Adware/Comet Not disinfected C:\HJT\backups\backup-20060110-014733-998.dll
Dialer:Dialer.FFQ Not disinfected C:\HJT\backups\backup-20060110-014734-117.dll
Adware:Adware/WUpd Not disinfected C:\HJT\backups\backup-20060110-014734-344.dll
Adware:Adware/Cmap Not disinfected C:\Program Files\CMAPP\Client\cmappclient.exe
Virus:Trj/Downloader.HCA Disinfected C:\Program Files\CMAPP\cmappstub.exe
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\Uninstall.exe
Adware:Adware/WinTools Not disinfected C:\Program Files\knights_shiryu1\insthlp.dat
Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll
Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
Virus:Trj/Lowzones.KI Disinfected C:\runaplj.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\AuroraHandler.dll_tobedeleted
Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dinst.exe
Adware:adware/enhsrch Not disinfected C:\WINDOWS\dsr.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Virus:Trj/Dropper.ME Disinfected C:\WINDOWS\mattyek.exe
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Adware:Adware/Popper Not disinfected C:\WINDOWS\rjbherd.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq.exe
Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq_nav.dat
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe
Virus:Trj/LowZones.AA Disinfected C:\WINDOWS\SYSTEM32\links.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\lyzfmgqu.exe
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsd253.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsd2CB.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nse256.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsg250.dll
Adware:Adware/PopupSearches Not disinfected C:\WINDOWS\SYSTEM32\nshAE0.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsn28F.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsu249.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsu2A2.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsxB91.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsy2C5.dll
Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsz2C8.dll
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\pshwr.exe
Dialer:Dialer.FGU Not disinfected C:\WINDOWS\SYSTEM32\sysnetsvc32.dll
Virus:Trj/Lowzones.KI Disinfected C:\WINDOWS\SYSTEM32\vmlib.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\vuwaqtf.exe
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\wirelanb.dll
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\zbvugea.exe
Logfile of HijackThis v1.99.1
Scan saved at 7:21:47 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshicop.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italozgs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: ghbjcbjd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Looks bad man...

01-10-2006, 06:32 PM	#3 (permalink)
stretched Registered User Join Date: Aug 2005 Posts: 115 OS: Windows XP	New Htj And Panda Logs alright I could not run Hijack this in user mode, only safe mode, McAfee still thinks its a virus. Here are the logs, and I'll wait for a response before doing anything else. Incident Status Location Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\456\Cookies\456@ad.yieldmanager[2].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\456\Cookies\456@ask[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\456\Cookies\456@belnk[1].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\456\Cookies\456@burstnet[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\456\Cookies\456@dist.belnk[2].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\456\Cookies\456@www.burstbeacon[1].txt Adware:Adware/FCHelp Not disinfected C:\Documents and Settings\456\Local Settings\Temp\fcHelp.exe Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@2o7[1].txt Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@64.62.232[1].txt Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@abetterinternet[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ad.yieldmanager[1].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@adopt.hbmediapro[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ads.pointroll[2].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ask[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@atdmt[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@ath.belnk[2].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@azjmp[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@belnk[1].txt Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@btg.btgrab[2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@burstnet[1].txt Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@c.enhance[1].txt Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@centrport[1].txt Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@clickbank[1].txt Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@cliks[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@com[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@dist.belnk[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@doubleclick[1].txt Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@kount[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@mediaplex[1].txt Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@offeroptimizer[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@questionmarket[1].txt Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@rightmedia[2].txt Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@rn11[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@searchportal.information[2].txt Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@spywarestormer[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@statcounter[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@tribalfusion[1].txt Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@winfixer[2].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@www.burstbeacon[2].txt Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@www48.seeq[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Faizah\Cookies\faizah@xiti[1].txt Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Faizah\Local Settings\Temp\ExtractDLL.dll Virus:Trj/Imiserv.D Disinfected C:\Documents and Settings\Faizah\Local Settings\Temp\wupdt.exe Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ask[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ath.belnk[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@belnk[2].txt Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Guest\Cookies\guest@btg.btgrab[1].txt Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Guest\Cookies\guest@cliks[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[1].txt Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ilead.itrack[2].txt Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Guest\Cookies\guest@offeroptimizer[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Guest\Cookies\guest@stats1.reliablestats[1].txt Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Guest\Cookies\guest@winfixer[2].txt Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@2o7[1].txt Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@abetterinternet[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ad.yieldmanager[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@adrevolver[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@adrevolver[3].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@advertising[2].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ask[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@atdmt[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@ath.belnk[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@azjmp[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@belnk[1].txt Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@btg.btgrab[1].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@burstnet[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@casalemedia[2].txt Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@cliks[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@com[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@dist.belnk[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@doubleclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@fastclick[2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@go[1].txt Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@offeroptimizer[1].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@realmedia[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@searchportal.information[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@stats1.reliablestats[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@tribalfusion[1].txt Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@valueclick[2].txt Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@winfixer[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\hehehe\Cookies\hehehe@xiti[1].txt Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@2o7[2].txt Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@abetterinternet[1].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@ask[1].txt Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@btg.btgrab[1].txt Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@centrport[1].txt Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@cliks[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@com[2].txt Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@offeroptimizer[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@tribalfusion[1].txt Dialer:Dialer.DNS Not disinfected C:\Documents and Settings\Mommy\Local Settings\Temp\temp.frDA4A Virus:Trj/LowZones.AA Disinfected C:\fdj.exe Adware:Adware/EnhSrch Not disinfected C:\HJT\backups\backup-20060110-014730-776.dll Adware:Adware/ActivShopper Not disinfected C:\HJT\backups\backup-20060110-014730-824.dll Dialer:Dialer.B Not disinfected C:\HJT\backups\backup-20060110-014733-325.dll Adware:Adware/Comet Not disinfected C:\HJT\backups\backup-20060110-014733-998.dll Dialer:Dialer.FFQ Not disinfected C:\HJT\backups\backup-20060110-014734-117.dll Adware:Adware/WUpd Not disinfected C:\HJT\backups\backup-20060110-014734-344.dll Adware:Adware/Cmap Not disinfected C:\Program Files\CMAPP\Client\cmappclient.exe Virus:Trj/Downloader.HCA Disinfected C:\Program Files\CMAPP\cmappstub.exe Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.dll Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\FCHelp.exe Adware:Adware/FCHelp Not disinfected C:\Program Files\FCHelp\Uninstall.exe Adware:Adware/WinTools Not disinfected C:\Program Files\knights_shiryu1\insthlp.dat Adware:Adware/NaviPromo Not disinfected C:\Program Files\MailSkinner\OESkinner.dll Adware:Adware/ActivShopper Not disinfected C:\Program Files\TBONAS\TBONcomp.dll Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll Virus:Trj/Lowzones.KI Disinfected C:\runaplj.exe Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\AuroraHandler.dll_tobedeleted Adware:Adware/EnhSrch Not disinfected C:\WINDOWS\dinst.exe Adware:adware/enhsrch Not disinfected C:\WINDOWS\dsr.exe Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat Virus:Trj/Dropper.ME Disinfected C:\WINDOWS\mattyek.exe Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat Adware:Adware/Popper Not disinfected C:\WINDOWS\rjbherd.exe Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV3.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\InstallerV4.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq.exe Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\kagtolwq_nav.dat Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\lanbruns.exe Virus:Trj/LowZones.AA Disinfected C:\WINDOWS\SYSTEM32\links.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\lyzfmgqu.exe Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsd253.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsd2CB.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nse256.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsg250.dll Adware:Adware/PopupSearches Not disinfected C:\WINDOWS\SYSTEM32\nshAE0.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsn28F.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsu249.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsu2A2.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsxB91.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsy2C5.dll Adware:Adware/BigTrafficNet Not disinfected C:\WINDOWS\SYSTEM32\nsz2C8.dll Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\pshwr.exe Dialer:Dialer.FGU Not disinfected C:\WINDOWS\SYSTEM32\sysnetsvc32.dll Virus:Trj/Lowzones.KI Disinfected C:\WINDOWS\SYSTEM32\vmlib.exe Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\vuwaqtf.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\SYSTEM32\wirelanb.dll Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\zbvugea.exe Logfile of HijackThis v1.99.1 Scan saved at 7:21:47 PM, on 1/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshicop.dll O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italozgs.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - AppInit_DLLs: ghbjcbjd.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Looks bad man...