OK, back from that adventure. One thing I forgot but did it now... sorry... and here are the results:
This was present and fixed in HJT:
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1068.dll,InstantAccess
Smashed these in uninstall manager. There was no info on the size, just the name and the bit about "looks like it's gone, wanna take it from the list", so this time I said yes:
Zango Toolbar
zbvugea
zseyqgxmad
This one:
The Best Offers. Had to remove it via the HijackThis Open Uninstall Manager task.
Ran this: regsvr32 /u occache.dll
I missed deleting these until right now (!??)
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe
C:\WINDOWS\SYSTEM32\msclock32.dll
I did it now.
I did run this:
regsvr32 occache.dll
I did boot to normal mode and CLEAR & RESET SYSTEM RESTORE'S CACHE.
And I did Panda ActiveScan.
RE: LOGS AND REPORTS
As for that Webroot thing, I did not see your post until it was actually done, so I managed to copy this from the lowermost box by selecting, holding shift and the down arrow bit... control+c etc. Here it is:
(WEBROOT SPYSWEEPER FINDINGS)
Adware found: multidial
Adware found: screensavers
Adware found: websearch toolbar
Adware found: winad
Trojan Horse found: sysnet
Adware found: drsnsrch hijacker
Adware found: rich editor
Adware found: dealbar toolbar
Adware found: safesurf
Adware found: directrevenue-abetterinternet
Adware found: 180search assistant/zango
Adware found: cas
Adware found: ezula ilookup
Adware found: fullcontext
Adware found: ieplugin
Adware found: drsnsrch.com hijack
Adware found: starware toolbar
Adware found: instant access
Adware found: one2one viewer
Adware found: privacyscan
Adware found: hotconnect dialer
Spy Cookie found: 2o7.net cookie
Spy Cookie found: 888 cookie
Spy Cookie found: websponsors cookie
Spy Cookie found: aa cookie
Spy Cookie found: go.com cookie
Spy Cookie found: abetterinternet cookie
Spy Cookie found: about cookie
Spy Cookie found: yieldmanager cookie
Spy Cookie found: adknowledge cookie
Spy Cookie found: adrevservice cookie
Spy Cookie found: cc214142 cookie
Spy Cookie found: pointroll cookie
Spy Cookie found: adultrevenueservice cookie
Spy Cookie found: falkag cookie
Spy Cookie found: ask cookie
Spy Cookie found: atlas dmt cookie
Spy Cookie found: belnk cookie
Spy Cookie found: atwola cookie
Spy Cookie found: azjmp cookie
Spy Cookie found: a cookie
Spy Cookie found: bizrate cookie
Spy Cookie found: btgrab cookie
Spy Cookie found: burstnet cookie
Spy Cookie found: goclick cookie
Spy Cookie found: gostats cookie
Spy Cookie found: ccbill cookie
Spy Cookie found: cliks cookie
Spy Cookie found: dealtime cookie
Spy Cookie found: webservicehosts cookie
Spy Cookie found: gamespy cookie
Spy Cookie found: metareward.com cookie
Spy Cookie found: military cookie
Spy Cookie found: mywebsearch cookie
Spy Cookie found: nextag cookie
Spy Cookie found: offeroptimizer cookie
Spy Cookie found: outster cookie
Spy Cookie found: partypoker cookie
Spy Cookie found: paypopup cookie
Spy Cookie found: pricegrabber cookie
Spy Cookie found: rightmedia cookie
Spy Cookie found: spywarestormer cookie
Spy Cookie found: toplist cookie
Spy Cookie found: tracking cookie
Spy Cookie found: tribalfusion cookie
Spy Cookie found: burstbeacon cookie
Spy Cookie found: hardcoresexshack cookie
Spy Cookie found: xiti cookie
Spy Cookie found: yadro cookie
Spy Cookie found: 412 cookie
Spy Cookie found: 447 cookie
Spy Cookie found: 64.62.232 cookie
Spy Cookie found: adecn cookie
Spy Cookie found: adlegend cookie
Spy Cookie found: hbmediapro cookie
Spy Cookie found: hotbar cookie
Spy Cookie found: precisead cookie
Spy Cookie found: specificclick.com cookie
Spy Cookie found: adorigin cookie
Spy Cookie found: adprofile cookie
Spy Cookie found: starpulse cookie
Spy Cookie found: adultfriendfinder cookie
Spy Cookie found: advertising cookie
Spy Cookie found: angelfire cookie
Spy Cookie found: bannerspace cookie
Spy Cookie found: banners cookie
Spy Cookie found: banner cookie
Spy Cookie found: bravenet cookie
Spy Cookie found: callwave cookie
Spy Cookie found: casalemedia cookie
Spy Cookie found: commission junction cookie
Spy Cookie found: classmates cookie
Spy Cookie found: tickle cookie
Spy Cookie found: did-it cookie
Spy Cookie found: empnads cookie
Spy Cookie found: exitexchange cookie
Spy Cookie found: expage cookie
Spy Cookie found: fastclick cookie
Spy Cookie found: go2net.com cookie
Spy Cookie found: starware.com cookie
Spy Cookie found: clickandtrack cookie
Spy Cookie found: screensavers.com cookie
Spy Cookie found: kount cookie
Spy Cookie found: maxserving cookie
Spy Cookie found: touchclarity cookie
Spy Cookie found: reunion cookie
Spy Cookie found: search123 cookie
Spy Cookie found: servedby advertising cookie
Spy Cookie found: servlet cookie
Spy Cookie found: sirsearch cookie
Spy Cookie found: reliablestats cookie
Spy Cookie found: trb.com cookie
Spy Cookie found: clickzs cookie
Spy Cookie found: webpower cookie
Spy Cookie found: redzip cookie
Spy Cookie found: upspiral cookie
Spy Cookie found: adrevolver cookie
Spy Cookie found: askmen cookie
Spy Cookie found: enhance cookie
Spy Cookie found: cassava cookie
Spy Cookie found: cgi-win cookie
Spy Cookie found: cursorzone cookie
Spy Cookie found: overture cookie
Spy Cookie found: fe.lea.lycos.com cookie
Spy Cookie found: herfirstanalsex cookie
Spy Cookie found: herfirstlesbiansex cookie
Spy Cookie found: questionmarket cookie
Spy Cookie found: realmedia cookie
Spy Cookie found: adjuggler cookie
Spy Cookie found: serving-sys cookie
Spy Cookie found: directtrack cookie
Spy Cookie found: targetnet cookie
Spy Cookie found: teensforcash cookie
Spy Cookie found: trafficmp cookie
Spy Cookie found: joetec.net cookie
Spy Cookie found: freepassbucks cookie
Spy Cookie found: centrport net cookie
Spy Cookie found: ru4 cookie
Adware found: apropos
Adware found: begin2search
Adware found: shopathomeselect
Adware found: visfx
Adware found: exact cashback/bargain buddy
Adware found: winantispyware 2005
Adware found: newads transponder
Adware found: java byteverify
Full Sweep has completed. Elapsed time 00:47:33
Traces Found: 2650
END OF THAT LIST
ACTIVESCAN
Incident Status Location
Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\msclock32.dll
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Dialer:dialer generic Not disinfected C:\PROGRAM FILES\dialers
Adware:adware/comet Not disinfected C:\Documents and Settings\Mommy\Application Data\Starware
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\SOFTWARE\TOOLBAR
Adware:adware/activshopper Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\ZANGOTOOLBAR.ZCTOOLBAND
Adware:adware/webext Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@ads.pointroll[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@ask[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@com[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@questionmarket[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mommy\cookies\mommy@tribalfusion[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@ads.pointroll[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@ask[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@com[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@questionmarket[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mommy\Cookies\mommy@tribalfusion[1].txt
Adware:Adware/WinTools Not disinfected C:\WINDOWS\SYSTEM32\grwinsthlp.exe
Adware:Adware/NaviPromo Not disinfected C:\WINDOWS\SYSTEM32\msclock32.dll
END OF THAT LIST
Logfile of HijackThis v1.99.1
Scan saved at 9:59:44 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56218849-857B-4B5B-9C85-8FDFB8882AD5}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
OK, and sorry about screwing up the order of that one fix, and maybe the Webroot thing is of some use here - no need for you to apologize, I am indebted to you as it is already.....