Old 08-16-2005, 06:04 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


Please Help!!!! Here is my HijackThis Log

Please help me... I know SOMETHING is wrong but I can't figure out what!!!! Here is my HijackThis logfile... I used HijackThis Analyzer to get this log

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:58:44 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Webshots\webshots.scr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108431574593
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================
cu_tigerlily27 is offline  

Old 08-16-2005, 11:40 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,348
OS: N/A


Please do these two scans first

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ... begins downloading Panda's ActiveX controls - 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

When you're done, post the resultant logs & furnish us with a fresh HijackThis log (un-analysed)
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-17-2005, 05:08 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


Here are the 2 logs you asked me to post...

Panda ActiveScan Log


Incident                    Status            Location

Adware:adware/twain-tech    No disinfected    C:\WINDOWS\smdat32m.sys
Spyware:spyware/adclicker   No disinfected    C:\WINDOWS\usta33.ini
Adware:adware/savenow       No disinfected    Windows Registry





Trend Micro Anti-Spyware Log

Started Scanning
Internet Cookies
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'maxserving.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN Publishing'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Dvx'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Found 'GLC68.tmp' in 'C:\Documents and Settings\Miranda M. Jacobs\Local Settings\Temp'
Found 'GLF6D.tmp' in 'C:\Documents and Settings\Miranda M. Jacobs\Local Settings\Temp'
Found 'GLK6A.tmp' in 'C:\Documents and Settings\Miranda M. Jacobs\Local Settings\Temp'
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found 'np.tmp' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found 'LimeWire20.dll' in 'C:\Program Files\LimeWire'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Kazaa\data\{2AB759F0-1E2B-3B02-F870-E9988CF80F89}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{2AB759F0-1E2B-3B02-F870-E9988CF80F89}'
Checking for 'C:\Program Files\Kazaa\data\{F0881025-5589-EF78-3838-99075004CD78}' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\data\{F0881025-5589-EF78-3838-99075004CD78}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{F0881025-5589-EF78-3838-99075004CD78}'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-050323.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-050323.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-050323.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\np.tmp'
Checking for 'C:\Program Files\Kazaa\Db\ova4-050325.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ova4-050325.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ova4-050325.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\np.tmp'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db\np.tmp' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas.
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in startup areas.
Cleaning 'C:\Program Files\LimeWire\LimeWire20.dll'
Finished Cleaning






Thank you for taking the time to look at these!!!!
cu_tigerlily27 is offline  
Old 08-17-2005, 05:11 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


Also here is my new and unanalysed HijackThis Log....


Logfile of HijackThis v1.99.1
Scan saved at 7:09:50 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108431574593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
cu_tigerlily27 is offline  
Old 08-17-2005, 07:42 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,348
OS: N/A


Go to Control Panel > Add/Remove programs. If you have this entry, uninstall the program:

My WebSearch



CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN


If you have not done so already, please enable the viewing of Hidden files
  1. From Windows Explorer, go to Tools>Folder Options> View tab.
  2. Enable the option for Show hidden files and folder
  3. Disable the option for Hide file extensions for known types
  4. Disable the option for Hide protected operating system files
  5. Click Yes to confirm & then click OK
Locate and delete the following file(s), if present:
  • C:\WINDOWS\smdat32m.sys
  • C:\WINDOWS\usta33.ini

  1. Go to Start> Run - type cleanmgr (this starts Windows DiskCleanup)
  2. Select Drive C: & click the 'OK' button
  3. Select the following options:
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  4. Click the 'OK' button

Reboot & Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


After that, post the following logs:

Online scan
HijackThis log


Tell me how the machine is behaving now
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-17-2005, 09:05 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


Here is the log for the Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 17, 2005 23:00:05
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/08/2005
Kaspersky Anti-Virus database records: 135690
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96636
Number of viruses found: 6
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 2908 sec

Infected Object Name - Virus Name
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05413BB4.exe Infected: Trojan-Spy.Win32.VB.eh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\054465B1.ocx Infected: Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05470FAD.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C1743B4.exe Infected: Trojan-Dropper.Win32.SurfSide.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3647564C.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP46\A0002107.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\WINDOWS\sys1pie.dll Infected: Trojan-Spy.Win32.KeyLogger.cq

Scan process completed.


Here is the Hijackthis log...


Logfile of HijackThis v1.99.1
Scan saved at 11:02:08 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108431574593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




I noticed the Kaspersky found some things... did it fix them or will I need to fix those?

Thanks for everything!!!!
cu_tigerlily27 is offline  
Old 08-17-2005, 10:06 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,348
OS: N/A


Kaspersky found a keylogger. That's bad

Please change all your passwords after this disinfection.

Please download KillBox v2.0.0.175

Run KillBox & paste the following location into KillBox :
  • C:\WINDOWS\sys1pie.dll
  1. Checkmark the following boxes :
    • Standard File Kill
    • Unregister DLL (If available)
  2. Click the RED X button

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

After you have done that, navigate to the following location - C:\WINDOWS\sys1pie.dll
Verify that the file is really gone

Reboot your computer & post a fresh HJT log so that I can verify that you're clean.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-18-2005, 03:59 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


OK... I think I am in trouble with this C:\WINDOWS\sys1pie.dll file.... I deleted it out of the Windows folder and checked there... it wasn't there, so I rebooted and ran the Kaspersky program again and it looks as if the file relocated itself to another folder (c:!Submit)... What is that about? Also, there seem to be some more keyloggers that are in C:\System Volume Information\ in some restore folders.... I am so worried now!!!! Here is the new Kaspersky log file...

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 18, 2005 07:03:02
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/08/2005
Kaspersky Anti-Virus database records: 135740
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 96703
Number of viruses found: 6
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 2801 sec

Infected Object Name - Virus Name
C:\!Submit\sys1pie.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05413BB4.exe Infected: Trojan-Spy.Win32.VB.eh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\054465B1.ocx Infected: Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05470FAD.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C1743B4.exe Infected: Trojan-Dropper.Win32.SurfSide.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3647564C.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0022476.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0022500.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP46\A0002107.exe Infected: Trojan-Spy.Win32.KeyLogger.ao

Scan process completed.
cu_tigerlily27 is offline  
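The two Kaspersky reports posted in this thread list the same threat names in very different places. The following is an added example, not part of the original posts and not output of any tool named here: it sorts each "Infected:" line by where the file sits, so a file in a live location such as C:\WINDOWS stands out from copies held in Norton's quarantine, in System Restore points, or in C:\!Submit (which the reply that follows identifies as Killbox's backup folder). The category names and path rules are assumptions of this example.

```python
import re

# Detection lines copied from the two Kaspersky reports in this thread
# (17 Aug 2005, before Killbox was run; 18 Aug 2005, after).
REPORT_BEFORE = r"""Infected Object Name - Virus Name
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05413BB4.exe Infected: Trojan-Spy.Win32.VB.eh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\054465B1.ocx Infected: Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05470FAD.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C1743B4.exe Infected: Trojan-Dropper.Win32.SurfSide.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3647564C.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP46\A0002107.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\WINDOWS\sys1pie.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
"""

REPORT_AFTER = r"""Infected Object Name - Virus Name
C:\!Submit\sys1pie.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05413BB4.exe Infected: Trojan-Spy.Win32.VB.eh
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\054465B1.ocx Infected: Trojan-Downloader.Win32.VB.ez
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05470FAD.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C1743B4.exe Infected: Trojan-Dropper.Win32.SurfSide.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3647564C.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0022476.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0022500.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP46\A0002107.exe Infected: Trojan-Spy.Win32.KeyLogger.ao
"""

# Location rules, matched against the lower-cased path (Windows paths are
# case-insensitive). Category names are this example's own labels.
RULES = [
    ("killbox-backup", re.compile(r"^[a-z]:\\!submit\\")),
    ("av-quarantine", re.compile(r"\\norton antivirus\\quarantine\\")),
    ("restore-point", re.compile(r"\\system volume information\\_restore\{")),
]

# "<path> Infected: <threat name>"; the path may contain spaces.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+)\s*$")


def parse_detections(report):
    """Return [(path, threat)] for every 'Infected:' line in a report."""
    found = []
    for line in report.splitlines():
        match = LINE.match(line.strip())
        if match:
            found.append((match.group("path"), match.group("threat")))
    return found


def classify(path):
    """Name the kind of location a detected file sits in."""
    lowered = path.lower()
    for name, pattern in RULES:
        if pattern.search(lowered):
            return name
    return "live"  # anything else is treated as a normal, loadable location


def triage(report):
    """Group a report's detections by location category."""
    buckets = {"live": [], "killbox-backup": [], "av-quarantine": [], "restore-point": []}
    for path, threat in parse_detections(report):
        buckets[classify(path)].append((path, threat))
    return buckets


def restore_points(report):
    """Restore point folders (RPnn) that hold at least one detected file."""
    ids = set()
    for path, _ in triage(report)["restore-point"]:
        match = re.search(r"\\(RP\d+)\\", path)
        if match:
            ids.add(match.group(1))
    return sorted(ids)


if __name__ == "__main__":
    for label, report in (("before Killbox", REPORT_BEFORE), ("after Killbox", REPORT_AFTER)):
        print(label)
        for category, items in triage(report).items():
            print(f"  {category}: {len(items)}")
            for path, threat in items:
                print(f"    {threat}  {path}")
        print(f"  restore points affected: {restore_points(report)}")
```

Run against these two reports, the only "live" entry is C:\WINDOWS\sys1pie.dll in the first report, and the second report has none.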
Old 08-18-2005, 04:14 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,348
OS: N/A


Don't worry. You're at the Security forum of TSF. The environment here is not conducive to malware's well-being. You're cleaner than you believe.

Do you remember Killbox telling you something about making a backup before deletions? Guess where these backups are kept?

You can safely delete the folder now - C:\!Submit\

While you're at it, delete all the files from Norton's quarantine folder too. We'll clear the other files in a while.

Now you can jump for joy like this little fella here -> Your system is clean

Now that your system is clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Clear & reset System Restore's cache
    • click Start >> Run - type SYSDM.CPL & press Enter
    • Select the System Restore Tab
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    • Then untick the same checkbox & click OK

  2. Disable the viewing of Hidden files
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Enable - Show hidden files and folder
    • Disable - Hide file extensions for known types
    • Disable - Hide protected operating system files
    Click Yes to confirm & then click OK

  3. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  4. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources

  5. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  6. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  7. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  8. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  9. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  10. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will further enhance your safety
  • IE/Spyad - IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.

  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 08-18-2005 at 04:17 PM.
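The reply above treats the scan report's detections by where they sit: the Killbox backup folder, Norton's quarantine, or a System Restore point. The following is an added example, not part of the thread or of any tool named in it, that sorts report lines into those stores and flags anything outside them; the bucket names, function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three lines copied from the report in this thread,
# plus one made-up line (last) for a file outside any inert store.
SAMPLE_REPORT = r"""
C:\!Submit\sys1pie.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05413BB4.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0022476.dll Infected: Trojan-Spy.Win32.KeyLogger.cq
C:\WINDOWS\system32\example.dll Infected: Example.Constructed.Name
"""

# "<path> Infected: <detection name>" as printed by the report above.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s*$")

# Ordered rules, first match wins. The paths are the ones seen in this thread.
RULES = [
    ("killbox_backup", re.compile(r"^[a-z]:\\!submit\\", re.I)),
    ("av_quarantine", re.compile(r"\\norton antivirus\\quarantine\\[^\\]+$", re.I)),
    ("system_restore", re.compile(
        r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I)),
]

# Next steps as given in the reply; "live" is the case it did not have to handle.
NEXT_STEP = {
    "killbox_backup": r"delete the C:\!Submit\ folder",
    "av_quarantine": "delete the files from the quarantine folder",
    "system_restore": "turn System Restore off and on again to clear its cache",
    "live": "file is outside any inert store and still needs cleaning",
}

def parse_report(text):
    """Return (path, detection) pairs; lines in any other layout are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("path"), m.group("name")) for m in matches if m]

def classify(path):
    """Name the store a detected file sits in, or 'live' if none matches."""
    for bucket, pattern in RULES:
        if pattern.search(path):
            return bucket
    return "live"

def triage(text):
    """Group the report's detections by store."""
    buckets = defaultdict(list)
    for path, name in parse_report(text):
        buckets[classify(path)].append((path, name))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)} object(s) -> {NEXT_STEP[bucket]}")
```

Run over the full report in this thread, every one of the nine objects lands in one of the three inert stores, which is why the reply can call the system clean while the scanner still counts infections.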
Old 08-18-2005, 07:53 PM   #10 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 19
OS: Windows XP


I have not followed your last instructions yet, I just read them through... I have one question before I start...
I am pretty familiar with computers as far as things like this go, so when you are giving me instructions I am understanding it on a level that most people do not. Usually people ask for help and just follow the instructions blindly and without really understanding what is going on...

However, I am NOT extremely familiar with actually cleaning a virus, trojan, or key-logger off my computer but I feel that at least I can understand what has happened through your explanation... I am familiar with all the programs you listed but I am wondering about some of them because I have Norton Internet Security & Anti-Virus installed on my computer... Shouldn't that be doing some of what these programs are doing? OR would you recommend the other programs too?

Also, I really would like to understand a little more of what happened at the level you are at... By looking at the logs I can usually pick out what shouldn't be there but I never act on those thoughts and I post my logs here for an "expert" I guess I am just a knowledge seeker... I want to learn!!!!

I will follow your instructions now but before I download all those programs let me know what my Norton Internet Security & Antivirus could be used in replace of, if any at all!!!

Thanks again, ya'll are such a big help and I truly respect what ya'll are doing for us!!!
Old 08-18-2005, 10:39 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,348
OS: N/A


If you already have Norton Internet Security & Antivirus, you needn't get any extra antivirus or firewall program. But try to get at least some of the other programs.

If you're keen to learn about battling malware, please sign up at our Academy to learn more. We welcome all applicants.
__________________

Question - what have you done for the community today?
Copyright 2001 - 2009, Tech Support Forum