04-12-2006, 04:10 PM   #1 (permalink)
dg510 (Registered User, OS: windows xp)
here is my log, plz help!!!!

My computer began to restart all on its own within the past few days. I'm not quite sure what brought it on. Didn't d/l anything weird or whatever. Anyway, here is my log, hope you guys can help me.


thanks in advance, D

Logfile of HijackThis v1.99.1
Scan saved at 3:55:28 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - C:\WINDOWS\adsldpbk.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: C:\WINDOWS\q36171125_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q36171125_disk.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\system32\adsldpbm.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbj.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Owner\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138756188437
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\hk.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q10840062_disk.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q36171125_disk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Attached Files
File Type: txt hijack this.txt (5.4 KB, 4 views)

Last edited by tetonbob; 04-14-2006 at 06:01 PM.
04-12-2006, 04:30 PM   #2 (permalink)
Vikesrock8411 (Analyst, Security Team, OS: Windows XP)

Hello and welcome to TSF. We would ask that you please copy and paste all future logs into your posts instead of attaching them; this makes it easier for us to address your posts in a timely manner.

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

I see you have disabled some startup entries using MSConfig. This makes it difficult for us to see all the infections present on your system because they are hidden from Hijackthis. Please open MSConfig and set it to normal startup before running a new scan with Hijackthis.

Downloads (make sure to save these in a permanent location)
win32delfkil.exe - Save it on your desktop.

Tools
  • Double click on win32delfkil.exe and install it. This creates a new folder on your desktop called win32delfkil.
  • Close all windows and open the win32delfkil folder and double click on fix.bat.
  • Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually.
  • Include the contents of the logfile c:\windelf.txt in your next reply.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it may ask you to purchase the program. This is not necessary; we will take care of the entries manually.
  • At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:
  • Windelf.txt
  • Panda Activescan Log
  • A new Hijackthis! Log
04-13-2006, 05:47 PM   #3 (permalink)
dg510 (Registered User, OS: windows xp)
here ya goooo

Hey, thanks for the simple, easy instructions.. very nice of you. I'm not sure if this matters or not, but when I sent the "error report" to Windows it showed me this: http://oca.microsoft.com/en/response...88a6244&SID=11 Not sure if that's the problem. Just thought I should mention it. Anywhom, here are the three logs:


Logfile of HijackThis v1.99.1
Scan saved at 4:23:25 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\alt.exe
C:\windows\alexa.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - C:\WINDOWS\adsldpbk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: C:\WINDOWS\q36171125_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q36171125_disk.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\system32\adsldpbm.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbj.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Owner\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138756188437
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\hk.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q10840062_disk.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q36171125_disk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS







************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
adsldpbg.dll
adsldpbm.dll
admparsel.dll
slassac.dll
mpatrol.dll
netdde.dll
alt.exe

File(s) found in system32 folder
--------------------------------
admparsel.dll
prflbmsgp32.dll
st3.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{B212D577-05B7-4963-911E-4A8588160DFA} REG_SZ style 2
{FCADDC14-BD46-408A-9842-CDBE1C6D37EB} REG_SZ z
{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ st3
{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} REG_SZ z
{C7CF1142-0785-4B12-A280-B64681E4D45E} REG_SZ z
{0B5F7FDF-0717-45BF-B49D-695F3168C7FE} REG_SZ Master Browseui
{B29BE267-3A64-4F7E-8A57-75FB5E900506} REG_SZ Windows Updater

Notify key
----------
subkey style2 is present!
subkey style32 is present!
subkey st3 is present!
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------







Incident Status Location

Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\ALEXA.EXE
Adware:Adware/Alexa-Toolbar Not disinfected C:\windows\alexa.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Parallel Tasking\ptask.exe
Adware:adware/clicker.b Not disinfected C:\WINDOWS\SYSTEM32\clbcatix.dll
Dialer:dialer.cos Not disinfected C:\Documents and Settings\Owner\Favorites\exsplorer.lnk
Dialer:dialer.akd Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TTUNIM
Dialer:dialer.cso Not disinfected HKEY_CLASSES_ROOT\CCACCESS.CHECKCONTROL
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Dialer:dialer.bqw Not disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@banner[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.ehg-ati.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt[ad.yieldmanager.com/]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-35ebd0fa.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-35ebd0fa.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-35ebd0fa.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-35ebd0fa.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-352e3708.zip[Matrix.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-352e3708.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-352e3708.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-352e3708.zip[Parser.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\win32delfkil\Process.exe
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85U7CX6N\adsldpbj[1].dll
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G12ZO16R\adsldpbh[1].dll
Spyware:Spyware/ClientMan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXUZ0DMN\adsldpbg[1].dll
Virus:Trj/Clicker.ME Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SZ63YPQ9\alt[1].exe
Adware:Adware/Miamore Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WPI7YN4L\adsldpbf[3].dll
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Parallel Tasking\ptask.exe
Adware:Adware/SearchNo Not disinfected C:\WINDOWS\1.d
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\alexa.exe
Virus:Trj/Downloader.EIA Not disinfected C:\WINDOWS\cpblpbc1.log
Adware:Adware/Miamore Not disinfected C:\WINDOWS\cpblpbc3.log
Adware:Adware/Miamore Not disinfected C:\WINDOWS\cpblpbc5.log
Adware:Adware/CWS.Searchmeup Not disinfected C:\WINDOWS\cpblpbc7.log
Adware:Adware/CWS.Searchmeup Not disinfected C:\WINDOWS\cpblpbc8.log
Virus:Trj/WtlClicker.A Not disinfected C:\WINDOWS\system32\abcd.exe
Dialer:Dialer.CSO Not disinfected C:\WINDOWS\system32\checkIn.dll

that's all of it, thanks for the help

-DG
Old 04-13-2006, 06:35 PM   #4 (permalink)
greyknight17
Analyst, Security Team
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Make sure the word CURRENTVERSION below does not contain any spaces...
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TTUNIM]
[-HKEY_CLASSES_ROOT\CCACCESS.CHECKCONTROL]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead. Start->Control Panel->Java->Settings->Delete Files and click OK and OK.

Delete your Firefox temp files (Tools->Clear Private Data).

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Don't run it yet.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - C:\WINDOWS\adsldpbk.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: C:\WINDOWS\q36171125_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q36171125_disk.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\system32\adsldpbm.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbj.dll (file missing)
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Owner\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\hk.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q10840062_disk.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q36171125_disk.dll

Locate and delete the following:

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
Exit Ewido when it's done.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Right click and copy the below lines. Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\windows\alexa.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\WINDOWS\SYSTEM32\clbcatix.dll
C:\Documents and Settings\Owner\Favorites\exsplorer.lnk
C:\Program Files\Parallel Tasking\
C:\WINDOWS\1.d
C:\WINDOWS\cpblpbc1.log
C:\WINDOWS\cpblpbc3.log
C:\WINDOWS\cpblpbc5.log
C:\WINDOWS\cpblpbc7.log
C:\WINDOWS\cpblpbc8.log
C:\WINDOWS\system32\abcd.exe
C:\WINDOWS\system32\checkIn.dll
C:\WINDOWS\admparsel.dll
C:\WINDOWS\netdde.dll
C:\WINDOWS\slassac.dll
C:\WINDOWS\q36171125_disk.dll
C:\WINDOWS\prflbmsgp32.dll (file missing)
C:\WINDOWS\mpatrol.dll
C:\WINDOWS\system32\adsldpbm.dll
C:\Documents and Settings\Owner\Application Data\sgrunt\IE4321.exe
C:\WINDOWS\alt.exe
C:\Documents and Settings\Owner\Application Data\sgrunt\
C:\WINDOWS\system32\hk.dll
C:\WINDOWS\system32\st3.dll
C:\WINDOWS\q10840062_disk.dll
C:\WINDOWS\q36171125_disk.dll


If you get a PendingOperations message, just close it and restart your computer manually.


Restart your computer to get back to Normal Mode. Post the Ewido report and a new HijackThis log here.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.


Last edited by greyknight17; 04-13-2006 at 06:36 PM.
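A follow-up HijackThis log can be checked mechanically against the list of entries that were to be fixed. The script below is an added example, not part of the original posts and not part of HijackThis; its sample input is a subset of lines copied from the two posts, and the function names and matching rules (CLSID for O2 entries, hive plus value name for O4 entries) are assumptions of this example.

```python
import re

# Sample input: a subset of the entries the post above asks to fix.
FIX_LIST = r"""
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsel.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\system32\adsldpbm.dll
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
"""

# Sample input: a subset of the follow-up log posted later in the thread.
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def identity(section, body):
    """Return a key that identifies the same entry across two logs.

    Paths and the '(file missing)' suffix can change between scans, so the
    key uses the stable part of each entry type (assumption of this example).
    """
    body = re.sub(r"\s*\(file missing\)\s*$", "", body)
    clsid = CLSID_RE.search(body)
    if section in ("O2", "O3", "O9", "O16") and clsid:
        return (section, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if section == "O4" and run:
        return (section, run["hive"], run["key"].lower(), run["name"].lower())
    if section == "O15":  # Trusted Zone: <host>
        return (section, body.split(": ", 1)[-1].strip().lower())
    if section == "O20":  # Winlogon Notify: <name> - <dll>
        name = body.split(": ", 1)[-1].split(" - ", 1)[0]
        return (section, name.strip().lower())
    return (section, body.lower())


def parse_log(text):
    """Return [(identity, raw_line)] for every entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((identity(m["section"], m["body"]), line.strip()))
    return entries


def persisting(fix_list, follow_up):
    """Fix-list entries that are still present in the follow-up log."""
    present = {key for key, _ in parse_log(follow_up)}
    return [raw for key, raw in parse_log(fix_list) if key in present]


def pages_on_flagged_hosts(fix_list, follow_up):
    """R0/R1 browser pages in the follow-up log that point at a host
    the fix list removes from the Trusted Zone (O15)."""
    hosts = [key[1] for key, _ in parse_log(fix_list) if key[0] == "O15"]
    hits = []
    for key, raw in parse_log(follow_up):
        if key[0] in ("R0", "R1") and " = " in raw:
            value = raw.split(" = ", 1)[1].lower()
            hits += [(host, raw) for host in hosts if host in value]
    return hits


if __name__ == "__main__":
    for raw in persisting(FIX_LIST, FOLLOW_UP_LOG):
        print("still present:", raw)
    for host, raw in pages_on_flagged_hosts(FIX_LIST, FOLLOW_UP_LOG):
        print("browser page on flagged host", host, "->", raw)
```
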
Old 04-13-2006, 11:14 PM   #5 (permalink)
dg510
Registered User
Join Date: Apr 2006
Location: vallejo
Posts: 55
OS: windows xp
gettin there

Logfile of HijackThis v1.99.1
Scan saved at 11:13:29 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138756188437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe







---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:03:56 PM, 4/13/2006
+ Report-Checksum: 649310B1

+ Scan result:

HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Alexa Internet -> Adware.Alexa : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-2222-408A-9842-CDBE1C6D37EB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{826B2228-BC09-49F2-B5F8-42CE26B1B711} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D82BB89-B58C-4F21-9C5D-377F65947806} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B212D577-05B7-4963-911E-4A8588160DFA} -> Trojan.Delf.nj : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7CF1142-0785-4B12-A280-B64681E4D45E} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} -> Trojan.CWSMeup.b : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-2222-408A-9842-CDBE1C6D37EB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{826B2228-BC09-49F2-B5F8-42CE26B1B711} -> Downloader.Delf : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D82BB89-B58C-4F21-9C5D-377F65947806} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B212D577-05B7-4963-911E-4A8588160DFA} -> Trojan.Delf.nj : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7CF1142-0785-4B12-A280-B64681E4D45E} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Cleaned with backup
HKU\S-1-5-21-855334952-2879026828-1549595678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} -> Trojan.CWSMeup.b : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0y183mk.default\cookies.txt.old -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\dennis\System\EXE\FreeTetris.exe/cd_load.exe -> Adware.Cydoor : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\dennis\System\EXE\FreeTetris.exe/cd_swf.dll -> Adware.Cydoor : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\dennis\System\EXE\ShortEx6.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\dennis\System\EXE\southpm2.exe -> Hijacker.StartPage.oz : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\dennis\System\zipped\SuperMario2.zip/southpm2.exe -> Hijacker.StartPage.oz : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Save\Dennis' Files\System\EXE\FreeTetris.exe/cd_load.exe -> Adware.Cydoor : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Save\Dennis' Files\System\EXE\FreeTetris.exe/cd_swf.dll -> Adware.Cydoor : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Save\Dennis' Files\System\EXE\ShortEx6.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Save\Dennis' Files\System\EXE\southpm2.exe -> Hijacker.StartPage.oz : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Save\Dennis' Files\System\zipped\SuperMario2.zip/southpm2.exe -> Hijacker.StartPage.oz : Cleaned with backup
C:\WINDOWS\cpblpbc10.log -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\cpblpbc8.log -> Adware.CWS : Cleaned with backup


::Report End


here ya go, thanks again
dg510 is offline  
Old 04-15-2006, 03:49 PM   #6 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


It appears that Killbox was able to take out all the WinDelf files with no problem and Ewido seems to have taken care of the reg keys. To make sure I am going to have you run Win32Delfkil one more time to make sure it is completely removed from your system.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • Close all windows and open the win32delfkil folder and double click on fix.bat.
  • Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually.
  • Include the contents of the logfile c:\windelf.txt in your next reply.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe

Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
ShowWnd.exe <<< Find via Start > Search

Reboot your system in Normal Mode.

Post a new Hijackthis log along with the Windelf log in your next reply.
Vikesrock8411 is offline  
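The follow-up check asked for at the end of the post above ("Post a new Hijackthis log"), as an added example that is not part of the original thread: a Python sketch that reports whether each entry selected for fixing is gone from a later log. The function names are hypothetical, `FOLLOWUP_EXCERPT` is a trimmed copy of lines from the log posted later in the thread, and `CONSTRUCTED_REGRESSION` is a constructed sample showing what a failed cleanup would look like.

```python
import re

# HijackThis entry lines have the shape "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 Run-key bodies: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]+)\]", re.I)

# The three entries the analyst asked to check, copied from the post.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
"""

# Trimmed excerpt of the follow-up log posted in the thread.
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:53:30 PM, on 4/16/2006

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed sample (not from the thread): the start page is unchanged and the
# "alexa" value name has come back pointing at a different path.
CONSTRUCTED_REGRESSION = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [alexa] C:\WINDOWS\system32\alexa.exe
"""


def entry_key(line):
    """Parse one log line into (code, normalised body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return m.group(1), " ".join(m.group(2).split()).lower()


def autostart_id(entry):
    """For an O4 Run-key entry return (hive, key, value name); otherwise None."""
    code, body = entry
    if code != "O4":
        return None
    m = RUN_RE.match(body)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def check_followup(fix_list, followup_log):
    """Map each fixed entry to 'gone', 'still present' or 'value name reused'.

    'value name reused' means the exact line is gone but the same Run-key value
    name is registered again with a different command, which an exact-text
    comparison of the two logs would miss.
    """
    later = {e for e in map(entry_key, followup_log.splitlines()) if e}
    later_ids = {autostart_id(e) for e in later} - {None}
    result = {}
    for line in fix_list.splitlines():
        entry = entry_key(line)
        if entry is None:
            continue
        if entry in later:
            status = "still present"
        elif autostart_id(entry) in later_ids:
            status = "value name reused"
        else:
            status = "gone"
        result[line.strip()] = status
    return result


if __name__ == "__main__":
    for name, log in (("follow-up excerpt", FOLLOWUP_EXCERPT),
                      ("constructed regression", CONSTRUCTED_REGRESSION)):
        print(name)
        for line, status in check_followup(FIX_LIST, log).items():
            print(f"  {status:18} {line}")
```
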
Old 04-16-2006, 04:57 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2006
Location: vallejo
Posts: 55
OS: windows xp


good news??

Logfile of HijackThis v1.99.1
Scan saved at 4:53:30 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138756188437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------



what you think??

thanks for all the help
dg510 is offline  
Old 04-16-2006, 06:59 PM   #8 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Vikesrock8411 is offline  
Old 04-16-2006, 08:39 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2006
Location: vallejo
Posts: 55
OS: windows xp


thanks

Thanks for all the help!! The problem seems to be gone. From the list of things you recommended I have avgfree, zone alarm, adware se and firefox, so let's see what that will do. If I run into any more problems I'll let you know, but for now I am great. Thanks again.
dg510 is offline  