blackworm?

Spunks3 · 04-04-2006, 04:10 PM

this error messege will pop-up and when i try to click the cancel button the screen turns blue and freezes... i cant do anything and i have to reset the computer...

the intruction at "0x100514cc" referenced memory at "0x00000000". the memory could not be "written". click of to terminate program...click cancel to debug

also a messege box pops up saying that i have been infected with the blackworm virus...

Logfile of HijackThis v1.99.1
Scan saved at 6:03:26 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\SECRET~1\secretsmiles.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jules\My Documents\download\cims10fau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

tetonbob · 04-04-2006, 11:42 PM

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Also do this:

We need to update your Java as it is out of date. The older version is most likely the cause of your infection, and it needs to be updated so that you do not contract this infection again.

Updating Java:

Go to Start > Control Panel double-click on the Software icon > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It may have a coffee cup icon next to it.
Select it and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Spunks3 · 04-09-2006, 04:45 PM

Incident Status Location

Potentially unwanted tool:application/winantivirus2006 Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\WINANTIVIRUS PRO 2006
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jules\Cookies\jules@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jules\Cookies\jules@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jules\Cookies\jules@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jules\Cookies\jules@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jules\Cookies\jules@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jules\Cookies\jules@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jules\Cookies\jules@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jules\Cookies\jules@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jules\Cookies\jules@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jules\Cookies\jules@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jules\Cookies\jules@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jules\Cookies\jules@burstnet[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Jules\Cookies\jules@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jules\Cookies\jules@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Jules\Cookies\jules@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jules\Cookies\jules@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Jules\Cookies\jules@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jules\Cookies\jules@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jules\Cookies\jules@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jules\Cookies\jules@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jules\Cookies\jules@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jules\Cookies\jules@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Jules\Cookies\jules@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jules\Cookies\jules@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jules\Cookies\jules@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jules\Cookies\jules@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jules\Cookies\jules@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jules\Cookies\jules@serving-sys[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jules\Cookies\jules@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jules\Cookies\jules@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jules\Cookies\jules@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jules\Cookies\jules@tribalfusion[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jules\Cookies\jules@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jules\Cookies\jules@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Jules\Cookies\jules@www.myaffiliateprogram[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jules\Cookies\jules@zedo[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jules\Cookies\jules@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jules\Cookies\jules@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jules\Cookies\jules@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jules\Cookies\jules@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jules\Cookies\jules@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jules\Cookies\jules@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jules\Cookies\jules@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jules\Cookies\jules@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jules\Cookies\jules@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jules\Cookies\jules@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Jules\Cookies\jules@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jules\Cookies\jules@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jules\Cookies\jules@burstnet[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Jules\Cookies\jules@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jules\Cookies\jules@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Jules\Cookies\jules@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jules\Cookies\jules@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Jules\Cookies\jules@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jules\Cookies\jules@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jules\Cookies\jules@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jules\Cookies\jules@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Jules\Cookies\jules@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jules\Cookies\jules@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Jules\Cookies\jules@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jules\Cookies\jules@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jules\Cookies\jules@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jules\Cookies\jules@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jules\Cookies\jules@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jules\Cookies\jules@serving-sys[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jules\Cookies\jules@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Jules\Cookies\jules@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jules\Cookies\jules@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jules\Cookies\jules@tribalfusion[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jules\Cookies\jules@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jules\Cookies\jules@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Jules\Cookies\jules@www.myaffiliateprogram[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jules\Cookies\jules@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jules\Cookies\jules@zedo[2].txt
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddaby.dll

Logfile of HijackThis v1.99.1
Scan saved at 6:43:38 PM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\SECRET~1\secretsmiles.exe
C:\Documents and Settings\Jules\My Documents\download\xoxjulezxox05\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Spunks3 · 04-09-2006, 04:50 PM

also, the Debug/Send Report prompt comes up OFTEN, and usually after i use the internet

tetonbob · 04-09-2006, 08:02 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\WINANTIVIRUS PRO 2006]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Download Ewido Security Suite

Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! Download & run this tool to find out for sure.....

http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MyWay or MyWaySA (Search Assistant)

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------

Delete the following Files/Folders if they exist:

C:\WINDOWS\system32\ddaby.dll
C:\Program Files\MyWaySA

---------------------------------------------------------------------------------------------

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache

Delete Newsgroup Subscriptions

Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program. Do Not Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

---------------------------------------------------------------------------------------------

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

Ewido
Kaspersky
HJT

Spunks3 · 04-13-2006, 07:38 PM

KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 12, 2006 3:29:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 12/04/2006
Kaspersky Anti-Virus database records: 187808

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 51824
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:53:39

Infected Object Name Virus Name Last Action
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0011904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0012572.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0012573.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 3:37:31 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SECRET~1\run.exe
C:\Documents and Settings\Jules\My Documents\download\cims10fau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

greyknight17 · 04-13-2006, 08:09 PM

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Where is the Ewido log?

Spunks3 · 04-16-2006, 01:30 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:27:07 PM, 4/16/2006
+ Report-Checksum: 75503986

+ Scan result:

C:\Documents and Settings\Jules\Cookies\jules@2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
C:\Documents and Settings\Jules\Cookies\jules@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Jules\Cookies\jules@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned without backup
C:\Documents and Settings\Jules\Cookies\jules@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Jules\Cookies\jules@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@ehg-ignitemedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jules\Cookies\jules@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup

::Report End

tetonbob · 04-16-2006, 09:43 PM

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Please ensure that you have already patched your system against the recent WMF exploit.
Go to this page to get the KB912919 patch.

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-SpyAD - Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 - Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 - Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

Here are two very good free Antivirus products which are available:
Avast!
AVG
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Spunks3 · 04-17-2006, 11:06 AM

thnx a bunch for the help, i really appreciate it. There is one last issue i need to adress. When i open up internet explorer, 5 times out of 10, i will get the messege about Debug, Send Problem, or Repair. Also i noticed that the web oage changes to about:blank, or a new window will open that says about:blank. other than that it seems to be working perfectly.

greyknight17 · 04-20-2006, 12:50 PM

See if this fixes the issue with the browser crashing:
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.

Go to a site and set it as your default homepage so it won't be about:blank anymore.

Spunks3 · 04-22-2006, 11:19 AM

you can close this, thxn guys

04-04-2006, 04:10 PM	#1 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	blackworm? this error messege will pop-up and when i try to click the cancel button the screen turns blue and freezes... i cant do anything and i have to reset the computer... the intruction at "0x100514cc" referenced memory at "0x00000000". the memory could not be "written". click of to terminate program...click cancel to debug also a messege box pops up saying that i have been infected with the blackworm virus... Logfile of HijackThis v1.99.1 Scan saved at 6:03:26 PM, on 4/4/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Webshots\webshots.scr C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\SECRET~1\secretsmiles.exe C:\WINDOWS\system32\wuauclt.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jules\My Documents\download\cims10fau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\system32\mljjh.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

04-04-2006, 11:42 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,548 OS: 2000 Pro; XP Pro; XP Home	Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Put a check next to Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK When VundoFix re-opens, click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Please post the contents of C:\vundofix.txt and a new HiJackThis log. Also do this: We need to update your Java as it is out of date. The older version is most likely the cause of your infection, and it needs to be updated so that you do not contract this infection again. Updating Java: Go to Start > Control Panel double-click on the Software icon > add/remove programs. Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) It may have a coffee cup icon next to it. Select it and click Remove. Then Download and install the newest version from here: http://www.java.com/en/download/manual.jsp Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------- __________________ Practice Safe Surfing* PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-09-2006, 08:02 PM	#5 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,548 OS: 2000 Pro; XP Pro; XP Home	Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. --------------------------------------------------------------------------------------------- Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad: REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\WINANTIVIRUS PRO 2006] Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. Download Ewido Security Suite Install Ewido Security Suite When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Download and install CleanUp! NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! Download & run this tool to find out for sure..... http://www.kellys-korner-xp.com/regs...p_whichcpu.exe --------------------------------------------------------------------------------------------- Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: MyWay or MyWaySA (Search Assistant) --------------------------------------------------------------------------------------------- Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll --------------------------------------------------------------------------------------------- Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. --------------------------------------------------------------------------------------------- Delete the following Files/Folders if they exist: C:\WINDOWS\system32\ddaby.dll C:\Program Files\MyWaySA --------------------------------------------------------------------------------------------- Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. Do Not Reboot/logoff when prompted. * CleanUp! will not create any backups!! --------------------------------------------------------------------------------------------- Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop Ewido scan would require at least an hour. --------------------------------------------------------------------------------------------- Restart in normal mode. --------------------------------------------------------------------------------------------- Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text** button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Please return with logs from: Ewido Kaspersky HJT __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-13-2006, 08:09 PM	#7 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore. Where is the Ewido log? __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

04-16-2006, 09:43 PM	#9 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,548 OS: 2000 Pro; XP Pro; XP Home	Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch. Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are two very good free Antivirus products which are available: Avast! AVG Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software If you do not have a firewall, here are 4 free ones available for personal use: ZoneAlarm Avast Antivirus/Firewall Tiny Personal Firewall OutPost Firewall In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-09-2006, 04:50 PM	#4 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	also, the Debug/Send Report prompt comes up OFTEN, and usually after i use the internet

04-13-2006, 07:38 PM	#6 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	KASPERSKY ON-LINE SCANNER REPORT Wednesday, April 12, 2006 3:29:42 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 12/04/2006 Kaspersky Anti-Virus database records: 187808 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ Scan Statistics Total number of scanned objects 51824 Number of viruses found 2 Number of infected objects 3 Number of suspicious objects 0 Duration of the scan process 00:53:39 Infected Object Name Virus Name Last Action C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0011904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0012572.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0012573.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 3:37:31 PM, on 4/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Digital Line Detect\DLG.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\SECRET~1\run.exe C:\Documents and Settings\Jules\My Documents\download\cims10fau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

04-16-2006, 01:30 PM	#8 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	--------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 3:27:07 PM, 4/16/2006 + Report-Checksum: 75503986 + Scan result: C:\Documents and Settings\Jules\Cookies\jules@2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup C:\Documents and Settings\Jules\Cookies\jules@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup C:\Documents and Settings\Jules\Cookies\jules@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned without backup C:\Documents and Settings\Jules\Cookies\jules@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned without backup C:\Documents and Settings\Jules\Cookies\jules@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@ehg-ignitemedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\Jules\Cookies\jules@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup ::Report End

04-17-2006, 11:06 AM	#10 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	thnx a bunch for the help, i really appreciate it. There is one last issue i need to adress. When i open up internet explorer, 5 times out of 10, i will get the messege about Debug, Send Problem, or Repair. Also i noticed that the web oage changes to about:blank, or a new window will open that says about:blank. other than that it seems to be working perfectly.

04-20-2006, 12:50 PM	#11 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	See if this fixes the issue with the browser crashing: Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Go to a site and set it as your default homepage so it won't be about:blank anymore. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

04-22-2006, 11:19 AM	#12 (permalink)
Spunks3 Registered User Join Date: Mar 2005 Posts: 103 OS: XP	you can close this, thxn guys