"Byte.Verify", "Downloader" virus, and endless popups

This is a discussion on "Byte.Verify", "Downloader" virus, and endless popups within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 07-22-2006, 06:45 PM   #1
Guest
 
Join Date: Jul 2006
Posts: 17
OS:



Hey guys, I've run Adaware, Spybot, and Symantec in safe mode. Adaware and Symantec successfully removed some entries but the problem still persists. I'm getting constant popups including "netster", "heavy.com", "smashits", and others. Here's my log, and thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:05 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winampa.exe
C:\dfndred_7.exe
C:\kybrded_7.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CURITY~1\services.exe
C:\Program Files\s?stem\n?tdde.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ixigt.exe
F2 - REG:system.ini: UserInit=userinit.exe,ttokffy.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MetaFrame Password Manager Agent Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - https://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...81/mcfscan.cab
O20 - Winlogon Notify: Uninstall{AA513AC9-DC6A-43DB-A79A-CBDC41A99504} - C:\WINDOWS\system32\lv0u09d9e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
-- Hoggle

Old 07-22-2006, 06:47 PM   #2
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Also Backdoor.DSNX, Dropper.Agent.PP and Trojan.Dropper

Was looking around in the root C drive and found some interesting things there as well, but didn't want to do anything without advice first. Here's a "dir" listing.

07/22/2006 04:38 PM 586,928 626_101newer.exe
09/25/2005 11:25 PM 219,412 adlog.txt
07/22/2006 08:44 PM 627 asdf.txt
07/26/2004 06:18 PM 0 AUTOEXEC.BAT
08/26/2005 07:53 PM 11,859,569 AVG7QT.DAT
07/26/2004 06:18 PM 0 CONFIG.SYS
07/26/2004 06:28 PM 10 csb.log
05/17/2006 10:47 PM 81 CTX.DAT
07/22/2006 04:37 PM 73,728 dfndred_7.exe
07/22/2006 04:38 PM 27,648 dist13.exe
07/26/2004 06:22 PM <DIR> Documents and Settings
06/30/2006 10:41 PM <DIR> Downloads
07/22/2006 08:44 PM 32,768 drsmartload.exe
07/22/2006 08:45 PM 20,480 drsmartload45a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload46a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload849a7d.exe
07/22/2006 08:45 PM 578,560 Installer3.exe
07/22/2006 08:45 PM 290,816 installerwnusnewer.exe
11/16/2004 05:11 PM <DIR> KPCMS
07/22/2006 04:37 PM 28,672 kybrded_7.exe
07/29/2004 02:16 PM <DIR> mj-comp-files
07/22/2006 08:45 PM 25,105 MTE3NDI6ODoxNg.exe
07/22/2006 08:44 PM 25,105 MTE3NDI6ODoxNgnew.exe
09/06/2004 01:01 AM <DIR> NVIDIA
01/06/2006 12:56 PM 176 nvmixer.log
07/22/2006 08:45 PM 32,768 nwnmed_7.exe
09/20/2004 10:02 AM 17,590 PkgClnup.log
07/22/2006 08:47 PM <DIR> Program Files
07/22/2006 08:44 PM 48,190 RDFX4.exe
07/22/2006 04:38 PM 242,230 siteError.exe
07/22/2006 08:44 PM 30,208 SS1001newer.exe
07/22/2006 08:44 PM 14,848 stub_113_4_0_4_0newer.exe
07/22/2006 08:45 PM 20,480 stub_sca3.exe
07/22/2006 08:45 PM 461,368 visfx500new.exe
07/22/2006 08:45 PM 578,560 warebundle3.exe
07/22/2006 08:44 PM 578,560 warebundlenewer.exe
07/22/2006 04:37 PM 39,157 wd7gi8nnew.exe
07/22/2006 08:48 PM <DIR> WINDOWS
11/02/2005 12:21 PM <DIR> WUTemp
-- Hoggle
Old 07-22-2006, 07:18 PM   #3
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


And here's C:\Program Files.

07/22/2006 08:47 PM <DIR> .
07/22/2006 08:47 PM <DIR> ..
07/02/2006 11:40 AM <DIR> Adobe
07/26/2004 06:25 PM <DIR> Ahead
12/15/2005 02:03 AM <DIR> AIM
11/29/2005 01:42 AM <DIR> AOD
07/26/2004 06:31 PM <DIR> AvRack
07/29/2004 02:19 PM <DIR> AWS
09/21/2004 10:18 AM <DIR> BitTorrent
07/28/2005 12:23 PM <DIR> Citrix
07/22/2006 08:44 PM <DIR> Common Files
07/22/2006 08:44 PM <DIR> Cowabanga
07/02/2006 11:40 AM <DIR> DC++
07/02/2006 11:40 AM <DIR> Diablo II
07/02/2006 11:41 AM <DIR> DivX
03/03/2006 10:37 PM <DIR> Google
08/26/2005 07:53 PM <DIR> Grisoft
07/22/2006 08:43 PM <DIR> HijackThis
07/22/2006 08:48 PM <DIR> InetGet2
07/22/2006 08:44 PM <DIR> Internet Explorer
07/22/2006 08:44 PM <DIR> Internet Optimizer
09/20/2005 10:11 PM <DIR> iPod
01/10/2006 01:33 AM <DIR> iTunes
08/15/2004 02:44 AM <DIR> Java
11/16/2004 05:11 PM <DIR> Kodak
08/21/2005 03:15 PM <DIR> Lavasoft
04/21/2005 03:09 PM <DIR> Messenger
07/26/2004 06:18 PM <DIR> microsoft frontpage
09/28/2004 12:13 PM <DIR> Microsoft Office
07/26/2004 06:17 PM <DIR> Movie Maker
07/22/2006 09:02 PM <DIR> Mozilla Firefox
07/22/2006 08:44 PM <DIR> MSN
07/26/2004 06:15 PM <DIR> MSN Gaming Zone
10/03/2004 05:55 PM <DIR> MsnMusic
07/26/2004 10:46 PM <DIR> NetMeeting
07/22/2006 08:44 PM <DIR> Network Monitor
09/06/2004 01:03 AM <DIR> NVIDIA Corporation
07/22/2006 08:44 PM <DIR> Online Services
07/26/2004 10:43 PM <DIR> Outlook Express
07/22/2006 08:47 PM <DIR> PartyPoker
12/28/2004 03:26 AM <DIR> PGP Corporation
05/27/2005 11:39 PM <DIR> QuickTime
11/18/2004 10:46 AM <DIR> Real
12/19/2004 12:04 AM <DIR> Siemens
07/22/2006 04:38 PM <DIR> SiteError Search
04/11/2006 01:58 PM <DIR> Skype
07/02/2006 01:08 PM <DIR> Spybot - Search & Destroy
07/04/2006 09:32 PM <DIR> Starcraft
08/09/2004 03:08 PM <DIR> STOPzilla!
07/02/2006 11:40 AM <DIR> Support.com
07/22/2006 08:44 PM <DIR> SurfSideKick 3
09/20/2004 10:03 AM <DIR> Symantec
09/20/2004 10:03 AM <DIR> Symantec_Client_Security
07/22/2006 04:38 PM <DIR> System Icons
07/22/2006 04:37 PM <DIR> s?stem
07/22/2006 08:46 PM <DIR> TClock
12/09/2005 10:27 PM <DIR> Teamspeak2_RC2
07/22/2006 08:44 PM <DIR> ToolBar888
07/02/2006 11:57 AM <DIR> Ubisoft
10/04/2005 04:38 PM <DIR> Valve
10/31/2005 05:35 PM <DIR> Ventrilo
11/01/2005 07:24 PM <DIR> VentSrv
09/28/2004 12:08 PM <DIR> Viewpoint
07/22/2006 04:22 PM <DIR> Warcraft III
07/22/2006 08:44 PM <DIR> webHancer
09/20/2005 08:48 PM <DIR> Webzen
07/22/2006 08:44 PM <DIR> whInstall
04/23/2006 10:23 PM <DIR> Winamp
11/02/2005 12:24 PM <DIR> winCMAPP
07/02/2006 11:40 AM <DIR> Windows Media Player
07/26/2004 06:15 PM <DIR> Windows NT
02/24/2005 03:56 PM <DIR> WinPcap
03/30/2006 01:11 PM <DIR> Wizards of the Coast
07/12/2006 10:09 AM <DIR> World of Warcraft
06/27/2005 03:10 PM <DIR> WowReader
07/20/2005 12:57 PM <DIR> XBConnect4
07/26/2004 06:18 PM <DIR> xerox
07/02/2006 11:40 AM <DIR> Yahoo!
07/22/2006 04:37 PM <DIR> ??curity


Sorry for the multiple posts on this thread. Making updates as I do more research. I figure anything I can add is helpful.
-- Hoggle

Old 07-23-2006, 11:39 AM   #4
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


The number of running processes I don't recognize seems to have grown. Should I post the new log?
-- Hoggle
Old 07-23-2006, 11:49 AM   #5
TSF Security Team
Emeritus
Join Date: May 2005
Posts: 26,363
OS: N/A


Post a new log
-- sUBs
Old 07-23-2006, 11:57 AM   #6
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Logfile of HijackThis v1.99.1
Scan saved at 1:57:04 PM, on 7/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\S2VlbmV5\command.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ixigt.exe
C:\WINDOWS\System32\ixigt.exe
C:\WINDOWS\System32\ixigt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\pop06ap2.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\{1452CD3A-081F-1033-0301-041021030001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CURITY~1\services.exe
C:\Program Files\s?stem\n?tdde.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Keeney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\ixigt.exe
F2 - REG:system.ini: UserInit=userinit.exe,ttokffy.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmed_7.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: kwddb.exe
O4 - Global Startup: MetaFrame Password Manager Agent Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - https://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...81/mcfscan.cab
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\hr6u05j9e.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2VlbmV5\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
-- Hoggle
Old 07-23-2006, 12:00 PM   #7
TSF Security Team
Emeritus
Join Date: May 2005
Posts: 26,363
OS: N/A


This will require multiple steps. Run these 2 programs first.

  1. Download and run - bfu.zip
  2. Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  3. Click the Web button located on the top right corner
  4. Copy/Paste this url into the address bar of the Download script window:

    https://metallica.geekstogo.com/alcanshorty.bfu

  5. Execute the script by clicking the Execute button.
  6. When it finishes running, click the Save button for a copy of the log
  7. Post the log created by the script when you have completed the fix

* * * * * * *

1. Download this file -

https://download.bleepingcomputer.com/sUBs/combofix.exe

https://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
-- sUBs
Old 07-23-2006, 12:12 PM   #8
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Start Time= Sun 07/23/2006 1450.96
Running from: C:\hijack

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{D97E1789-C170-4B94-8B76-3D5F3744B17C}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D97E1789-C170-4B94-8B76-3D5F3744B17C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{D97E1789-C170-4B94-8B76-3D5F3744B17C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D97E1789-C170-4B94-8B76-3D5F3744B17C}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdsg.dll"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

14:08:09.45

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


Qoologic uninstaller found and executed
Registry entries fixed


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Keeney\Application Data\Sskknwrd.dll
C:\Documents and Settings\Keeney\Local Settings\Temporary Internet Files\Ssk.log


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



14:09:45.65
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\MTE3NDI6ODoxNg.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\WINDOWS\S2VlbmV5


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-23 13:45 <DIR> C:\Program Files\mozilla firefox
2006-07-23 13:14 78,336 C:\WINDOWS\wnu_224.exe
2006-07-23 12:29 <DIR> C:\Program Files\whinstall
2006-07-23 12:29 <DIR> C:\Program Files\webhancer
2006-07-23 12:27 235,729 C:\WINDOWS\system32\ir08l5du1.dll
2006-07-23 12:23 236,015 C:\WINDOWS\system32\hr6u05j9e.dll
2006-07-22 23:50 <DIR> C:\Program Files\warcraft iii
2006-07-22 20:48 32,768 C:\WINDOWS\phjdqshq.exe
2006-07-22 20:47 45,056 C:\WINDOWS\cfg32s.dll
2006-07-22 20:47 110,592 C:\WINDOWS\cfg32o.dll
2006-07-22 20:45 461,368 C:\visfx500new.exe
2006-07-22 20:45 397,312 C:\WINDOWS\cfg32p.dll
2006-07-22 20:45 234,272 C:\WINDOWS\system32\wovdmod.dll
2006-07-22 20:45 102,400 C:\WINDOWS\cfg32r.dll
2006-07-22 20:44 53,120 C:\WINDOWS\optimize.exe
2006-07-22 20:44 42,944 C:\WINDOWS\pop06ap2.exe
2006-07-22 20:44 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-07-22 20:44 357 C:\WINDOWS\whinstaller.ini
2006-07-22 20:44 32,768 C:\WINDOWS\unstall.exe
2006-07-22 20:44 234,272 C:\WINDOWS\system32\dicprop2.dll
2006-07-22 20:44 226,536 C:\WINDOWS\whcc-giant.exe
2006-07-22 20:44 221 C:\WINDOWS\mm06y.ini
2006-07-22 20:44 <DIR> C:\Program Files\online services
2006-07-22 20:44 <DIR> C:\Program Files\msn
2006-07-22 20:44 <DIR> C:\Program Files\internet optimizer
2006-07-22 20:44 <DIR> C:\Program Files\internet explorer
2006-07-22 20:44 <DIR> C:\Program Files\Common Files\{1452cd3a-081f-1033-0301-041021030001}
2006-07-22 20:44 <DIR> C:\Program Files\common files
2006-07-22 20:43 <DIR> C:\Program Files\hijackthis
2006-07-22 20:24 235,729 C:\WINDOWS\system32\semsg.dll
2006-07-22 18:05 235,729 C:\WINDOWS\system32\di32gt.dll
2006-07-22 18:02 405,504 C:\WINDOWS\system32\irsmylsv.dll
2006-07-22 18:02 114,688 C:\WINDOWS\system32\irssyncd.exe
2006-07-22 17:22 <DIR> C:\Program Files\Common Files\fzwf
2006-07-22 16:38 159,744 C:\WINDOWS\system32\redist.dll
2006-07-22 16:38 126,464 C:\WINDOWS\system32\redistributor.exe
2006-07-22 16:38 <DIR> C:\Program Files\system icons
2006-07-22 16:38 <DIR> C:\Program Files\siteerror search
2006-07-22 16:37 2 C:\WINDOWS\system32\wnstsit.exe
2006-07-22 16:37 <DIR> C:\Program Files\s?stem (sstem~1)
2006-07-22 16:37 <DIR> C:\Program Files\??curity (curity~1)
2006-07-22 16:20 36,864 C:\WINDOWS\system32\tdopfsgr.exe
2006-07-12 10:09 <DIR> C:\Program Files\world of warcraft
2006-07-04 21:32 <DIR> C:\Program Files\starcraft
2006-07-02 13:08 <DIR> C:\Program Files\spybot - search & destroy
2006-07-02 12:43 94,208 C:\WINDOWS\scunin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\cmdlineext.dll
2006-07-02 11:57 <DIR> C:\Program Files\ubisoft
2006-07-02 11:57 <DIR> C:\Program Files\installshield installation information
2006-07-02 11:41 <DIR> C:\Program Files\divx
2006-07-02 11:40 <DIR> C:\Program Files\yahoo!
2006-07-02 11:40 <DIR> C:\Program Files\windows media player
2006-07-02 11:40 <DIR> C:\Program Files\support.com
2006-07-02 11:40 <DIR> C:\Program Files\diablo ii
2006-07-02 11:40 <DIR> C:\Program Files\dc++
2006-07-02 11:40 <DIR> C:\Program Files\Common Files\vbox
2006-07-02 11:40 <DIR> C:\Program Files\adobe
2006-06-21 17:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 17:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-05-30 18:09 24,576 C:\WINDOWS\uninstall.exe
2006-04-23 22:21 1,125 C:\WINDOWS\winamp.ini
2006-04-23 22:20 439,552 C:\WINDOWS\system32\perfstringbackup.ini


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-23 13:14 78,336 C:\WINDOWS\wnu_224.exe
2006-07-23 13:12 235,729 C:\WINDOWS\system32\ir08l5du1.dll
2006-07-23 12:26 236,015 C:\WINDOWS\system32\hr6u05j9e.dll
2006-07-22 20:48 32,768 C:\WINDOWS\phjdqshq.exe
2006-07-22 20:45 461,368 C:\visfx500new.exe
2006-07-22 20:45 45,056 C:\WINDOWS\cfg32s.dll
2006-07-22 20:45 397,312 C:\WINDOWS\cfg32p.dll
2006-07-22 20:45 234,272 C:\WINDOWS\system32\wovdmod.dll
2006-07-22 20:45 110,592 C:\WINDOWS\cfg32o.dll
2006-07-22 20:45 102,400 C:\WINDOWS\cfg32r.dll
2006-07-22 20:44 53,120 C:\WINDOWS\optimize.exe
2006-07-22 20:44 42,944 C:\WINDOWS\pop06ap2.exe
2006-07-22 20:44 40,960 C:\WINDOWS\webhdll.dll
2006-07-22 20:44 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-07-22 20:44 357 C:\WINDOWS\whInstaller.ini
2006-07-22 20:44 32,768 C:\WINDOWS\whInstaller.exe
2006-07-22 20:44 32,768 C:\WINDOWS\unstall.exe
2006-07-22 20:44 234,272 C:\WINDOWS\system32\dicprop2.dll
2006-07-22 20:44 226,536 C:\WINDOWS\whCC-GIANT.exe
2006-07-22 20:44 221 C:\WINDOWS\mm06y.ini
2006-07-22 20:24 235,729 C:\WINDOWS\system32\semsg.dll
2006-07-22 18:05 235,729 C:\WINDOWS\system32\di32gt.dll
2006-07-22 18:02 405,504 C:\WINDOWS\system32\irsmylsv.dll
2006-07-22 18:02 114,688 C:\WINDOWS\system32\irssyncd.exe
2006-07-22 16:38 159,744 C:\WINDOWS\system32\redist.dll
2006-07-22 16:38 126,464 C:\WINDOWS\system32\redistributor.exe
2006-07-22 16:37 2 C:\WINDOWS\system32\wnstsit.exe
2006-07-22 16:20 36,864 C:\WINDOWS\system32\tdopfsgr.exe
2006-07-02 12:41 94,208 C:\WINDOWS\ScUnin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-02 12:16 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-02 12:16 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-02 12:15 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-02 12:15 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-02 12:15 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-02 12:14 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-07-02 12:14 2,337,488 C:\WINDOWS\system32\d3dx9_25.dll
2006-07-02 12:14 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-02 12:14 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-02 12:14 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-02 12:14 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-02 12:14 2,222,800 C:\WINDOWS\system32\d3dx9_24.dll
2006-07-02 12:11 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-02 12:11 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-02 12:11 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-02 12:11 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-02 12:11 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-02 12:11 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-02 12:11 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-02 12:11 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-02 12:11 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-02 12:11 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-02 12:11 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-02 12:11 1,962,496 C:\WINDOWS\system32\quartz.dll
2006-07-02 12:11 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-02 12:11 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-02 12:11 1,201,152 C:\WINDOWS\system32\d3d8.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMixerTray"="C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NvMixerTray.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"webHancer Agent"="\"C:\\Program Files\\webHancer\\Programs\\whAgent.exe\""
"webHancer Survey Companion"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"pshower"="C:\\WINDOWS\\System32\\pshwr.exe"
"wincmap"="\"C:\\Program Files\\winCMAPP\\wincmapp.exe\""
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"Tatn"="\"C:\\PROGRA~1\\CURITY~1\\services.exe\" -vt yazr"
"Ihncbgpv"="C:\\Program Files\\s?stem\\n?tdde.exe"
"irssyncd"="C:\\WINDOWS\\System32\\irssyncd.exe"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"wnu"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{1452CD3A-081F-1033-0301-041021030001}"="\"C:\\Program Files\\Common Files\\{1452CD3A-081F-1033-0301-041021030001}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\rylezuz.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Internet Explorer\\pojywiwet.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 07/23/2006 14:09:54.76
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt



______________________



BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 2:03:55 PM, on 7/23/2006

Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop cmdService (operation failed)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\me_7WGgpKNnt4HPthz (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\me_mwgO2YyjgzDUDde (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\me_oE (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\me_YkYAW8yies1Pam8 (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\~DF4296.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Keeney\LOCALS~1\Temp\~DFDAFE.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
Old 07-23-2006, 12:18 PM   #9
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Please run combofix once more & post a fresh HJT log.

Thank you
Old 07-23-2006, 12:24 PM   #10
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Start Time= Sun 07/23/2006 14:23:06.12
Running from: C:\hijack

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-23 14:11 <DIR> C:\Program Files\mozilla firefox
2006-07-23 13:14 78,336 C:\WINDOWS\wnu_224.exe
2006-07-23 12:29 <DIR> C:\Program Files\whinstall
2006-07-23 12:29 <DIR> C:\Program Files\webhancer
2006-07-23 12:27 235,729 C:\WINDOWS\system32\ir08l5du1.dll
2006-07-23 12:23 236,015 C:\WINDOWS\system32\hr6u05j9e.dll
2006-07-22 23:50 <DIR> C:\Program Files\warcraft iii
2006-07-22 20:48 32,768 C:\WINDOWS\phjdqshq.exe
2006-07-22 20:47 45,056 C:\WINDOWS\cfg32s.dll
2006-07-22 20:47 110,592 C:\WINDOWS\cfg32o.dll
2006-07-22 20:45 461,368 C:\visfx500new.exe
2006-07-22 20:45 397,312 C:\WINDOWS\cfg32p.dll
2006-07-22 20:45 234,272 C:\WINDOWS\system32\wovdmod.dll
2006-07-22 20:45 102,400 C:\WINDOWS\cfg32r.dll
2006-07-22 20:44 53,120 C:\WINDOWS\optimize.exe
2006-07-22 20:44 42,944 C:\WINDOWS\pop06ap2.exe
2006-07-22 20:44 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-07-22 20:44 357 C:\WINDOWS\whinstaller.ini
2006-07-22 20:44 32,768 C:\WINDOWS\unstall.exe
2006-07-22 20:44 234,272 C:\WINDOWS\system32\dicprop2.dll
2006-07-22 20:44 226,536 C:\WINDOWS\whcc-giant.exe
2006-07-22 20:44 221 C:\WINDOWS\mm06y.ini
2006-07-22 20:44 <DIR> C:\Program Files\online services
2006-07-22 20:44 <DIR> C:\Program Files\msn
2006-07-22 20:44 <DIR> C:\Program Files\internet optimizer
2006-07-22 20:44 <DIR> C:\Program Files\internet explorer
2006-07-22 20:44 <DIR> C:\Program Files\Common Files\{1452cd3a-081f-1033-0301-041021030001}
2006-07-22 20:44 <DIR> C:\Program Files\common files
2006-07-22 20:43 <DIR> C:\Program Files\hijackthis
2006-07-22 20:24 235,729 C:\WINDOWS\system32\semsg.dll
2006-07-22 18:05 235,729 C:\WINDOWS\system32\di32gt.dll
2006-07-22 18:02 405,504 C:\WINDOWS\system32\irsmylsv.dll
2006-07-22 18:02 114,688 C:\WINDOWS\system32\irssyncd.exe
2006-07-22 17:22 <DIR> C:\Program Files\Common Files\fzwf
2006-07-22 16:38 159,744 C:\WINDOWS\system32\redist.dll
2006-07-22 16:38 126,464 C:\WINDOWS\system32\redistributor.exe
2006-07-22 16:38 <DIR> C:\Program Files\system icons
2006-07-22 16:38 <DIR> C:\Program Files\siteerror search
2006-07-22 16:37 2 C:\WINDOWS\system32\wnstsit.exe
2006-07-22 16:37 <DIR> C:\Program Files\s?stem (sstem~1)
2006-07-22 16:37 <DIR> C:\Program Files\??curity (curity~1)
2006-07-22 16:20 36,864 C:\WINDOWS\system32\tdopfsgr.exe
2006-07-12 10:09 <DIR> C:\Program Files\world of warcraft
2006-07-04 21:32 <DIR> C:\Program Files\starcraft
2006-07-02 13:08 <DIR> C:\Program Files\spybot - search & destroy
2006-07-02 12:43 94,208 C:\WINDOWS\scunin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\cmdlineext.dll
2006-07-02 11:57 <DIR> C:\Program Files\ubisoft
2006-07-02 11:57 <DIR> C:\Program Files\installshield installation information
2006-07-02 11:41 <DIR> C:\Program Files\divx
2006-07-02 11:40 <DIR> C:\Program Files\yahoo!
2006-07-02 11:40 <DIR> C:\Program Files\windows media player
2006-07-02 11:40 <DIR> C:\Program Files\support.com
2006-07-02 11:40 <DIR> C:\Program Files\diablo ii
2006-07-02 11:40 <DIR> C:\Program Files\dc++
2006-07-02 11:40 <DIR> C:\Program Files\Common Files\vbox
2006-07-02 11:40 <DIR> C:\Program Files\adobe
2006-06-21 17:38 235,228 C:\WINDOWS\system32\icon_mediamotor.exe
2006-06-21 17:38 115,239 C:\WINDOWS\system32\ts_mediamotor.exe
2006-05-30 18:09 24,576 C:\WINDOWS\uninstall.exe
2006-04-23 22:21 1,125 C:\WINDOWS\winamp.ini
2006-04-23 22:20 439,552 C:\WINDOWS\system32\perfstringbackup.ini


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-23 14:21 683 C:\Combo.bat
2006-07-23 13:14 78,336 C:\WINDOWS\wnu_224.exe
2006-07-23 13:12 235,729 C:\WINDOWS\system32\ir08l5du1.dll
2006-07-23 12:26 236,015 C:\WINDOWS\system32\hr6u05j9e.dll
2006-07-22 20:48 32,768 C:\WINDOWS\phjdqshq.exe
2006-07-22 20:45 461,368 C:\visfx500new.exe
2006-07-22 20:45 45,056 C:\WINDOWS\cfg32s.dll
2006-07-22 20:45 397,312 C:\WINDOWS\cfg32p.dll
2006-07-22 20:45 234,272 C:\WINDOWS\system32\wovdmod.dll
2006-07-22 20:45 110,592 C:\WINDOWS\cfg32o.dll
2006-07-22 20:45 102,400 C:\WINDOWS\cfg32r.dll
2006-07-22 20:44 53,120 C:\WINDOWS\optimize.exe
2006-07-22 20:44 42,944 C:\WINDOWS\pop06ap2.exe
2006-07-22 20:44 40,960 C:\WINDOWS\webhdll.dll
2006-07-22 20:44 359,634 C:\WINDOWS\media_motor_bundle.exe
2006-07-22 20:44 357 C:\WINDOWS\whInstaller.ini
2006-07-22 20:44 32,768 C:\WINDOWS\whInstaller.exe
2006-07-22 20:44 32,768 C:\WINDOWS\unstall.exe
2006-07-22 20:44 234,272 C:\WINDOWS\system32\dicprop2.dll
2006-07-22 20:44 226,536 C:\WINDOWS\whCC-GIANT.exe
2006-07-22 20:44 221 C:\WINDOWS\mm06y.ini
2006-07-22 20:24 235,729 C:\WINDOWS\system32\semsg.dll
2006-07-22 18:05 235,729 C:\WINDOWS\system32\di32gt.dll
2006-07-22 18:02 405,504 C:\WINDOWS\system32\irsmylsv.dll
2006-07-22 18:02 114,688 C:\WINDOWS\system32\irssyncd.exe
2006-07-22 16:38 159,744 C:\WINDOWS\system32\redist.dll
2006-07-22 16:38 126,464 C:\WINDOWS\system32\redistributor.exe
2006-07-22 16:37 2 C:\WINDOWS\system32\wnstsit.exe
2006-07-22 16:20 36,864 C:\WINDOWS\system32\tdopfsgr.exe
2006-07-02 12:41 94,208 C:\WINDOWS\ScUnin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-02 12:16 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-02 12:16 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-02 12:15 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-02 12:15 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-02 12:15 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-02 12:14 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-07-02 12:14 2,337,488 C:\WINDOWS\system32\d3dx9_25.dll
2006-07-02 12:14 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-02 12:14 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-02 12:14 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-02 12:14 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-02 12:14 2,222,800 C:\WINDOWS\system32\d3dx9_24.dll
2006-07-02 12:11 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-02 12:11 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-02 12:11 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-02 12:11 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-02 12:11 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-02 12:11 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-02 12:11 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-02 12:11 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-02 12:11 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-02 12:11 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-02 12:11 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-02 12:11 1,962,496 C:\WINDOWS\system32\quartz.dll
2006-07-02 12:11 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-02 12:11 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-02 12:11 1,201,152 C:\WINDOWS\system32\d3d8.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMixerTray"="C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NvMixerTray.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"webHancer Agent"="\"C:\\Program Files\\webHancer\\Programs\\whAgent.exe\""
"webHancer Survey Companion"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"pshower"="C:\\WINDOWS\\System32\\pshwr.exe"
"wincmap"="\"C:\\Program Files\\winCMAPP\\wincmapp.exe\""
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"Tatn"="\"C:\\PROGRA~1\\CURITY~1\\services.exe\" -vt yazr"
"Ihncbgpv"="C:\\Program Files\\s?stem\\n?tdde.exe"
"irssyncd"="C:\\WINDOWS\\System32\\irssyncd.exe"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{1452CD3A-081F-1033-0301-041021030001}"="\"C:\\Program Files\\Common Files\\{1452CD3A-081F-1033-0301-041021030001}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\rylezuz.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Internet Explorer\\pojywiwet.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 07/23/2006 14:23:14.92
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
ComboFix2.txt
ComboFix3.txt

_____________________

Logfile of HijackThis v1.99.1
Scan saved at 2:24:22 PM, on 7/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\{1452CD3A-081F-1033-0301-041021030001}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CURITY~1\services.exe
C:\Program Files\s?stem\n?tdde.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Documents and Settings\Keeney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmylsv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MetaFrame Password Manager Agent Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - https://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...81/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
Old 07-23-2006, 12:33 PM   #11
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Before any work can be done on this machine, there is something that requires your immediate intervention.

This machine is messed up pretty badly because you have several anti-virus programs on your machine (AVG & Symantec). That's not a good idea!!

Like firewalls, anti-virus programs have conflicts co-existing with each other & produce undesirable results. Please uninstall ALL, leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Old 07-23-2006, 12:41 PM   #12
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Uninstalled AVG, leaving only Symantec. Here's the new log:



Logfile of HijackThis v1.99.1
Scan saved at 2:40:16 PM, on 7/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Common Files\{1452CD3A-081F-1033-0301-041021030001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CURITY~1\services.exe
C:\Program Files\s?stem\n?tdde.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\Documents and Settings\Keeney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmylsv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MetaFrame Password Manager Agent Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - https://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...81/mcfscan.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
Old 07-23-2006, 12:52 PM   #13
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download Dr.Web CureIt & save it on desktop. We shall be using it later

Download the attachment I've placed with this post - sUBS01.zip
There are 2 files inside.

1. Run_Me_First.bat - Double click to run it. When finished, it will say "Done"

2. sUBs.bat - Do NOT run this yet. We'll run it in Safe Mode


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:
  • siteerror search
  • system icons
  • webhancer
  • Internet Optimizer
  • winCMAPP
  • TClock
  • Yazzle by Oin
  • Purityscan by Oin
  • Snowballwars by Oin
  • Cowabanga by OIN
  • or anything similar with Oin in it
In case Purityscan or OINS is not listed, download and use this uninstaller:
https://www.outerinfo.com/OiUninstaller.exe

Please note any other programs that you don't recognize in your next response


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://searchbar.findthewebsiteyouneed.com
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmylsv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.



* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * *


From the attachment you downloaded earlier, double click on sUBs.bat
It shall produce a log for you


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

** The scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


Run Combofix once more & post the resultant log


In your next post, please include fresh logs from:
  • HiJackThis log
  • ComboFix
  • Dr.Web
  • Online Scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
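The entries sUBs picks out for "Fix checked" above follow a few recognisable patterns: IE search/start pages redirected to an unfamiliar domain, BHOs and toolbars whose CLSID is not one of the known add-ons, autorun (O4) commands whose path contains characters HijackThis prints as "?" or that start a system-binary name such as services.exe from outside system32, extra Trusted Zone sites, and an ActiveX "Downloader" control. The script below is an added example, not part of this thread and not a HijackThis or TSF tool: it parses lines in the HijackThis v1.99.1 format and attaches a review flag wherever one of those patterns matches. The sample log is constructed from lines posted in this thread (with a few benign ones for contrast), and the allowlists EXPECTED_IE_HOSTS, KNOWN_GOOD_CLSIDS and SYSTEM_BINARIES, as well as the function names, are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlparse

# Constructed sample: HijackThis v1.99.1 lines copied from the logs in this thread,
# with a few benign entries (Google toolbar, vptray, DefWatch) so both outcomes show.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmylsv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Tatn] "C:\PROGRA~1\CURITY~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Ihncbgpv] C:\Program Files\s?stem\n?tdde.exe
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/A...ler/dwnldr.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# Assumed allowlists for this example (not an HJT rule set): hosts the owner expects
# as IE defaults, CLSIDs of add-ons already treated as benign in the thread, and
# filenames that belong only in system32.
EXPECTED_IE_HOSTS = {"www.msn.com", "www.google.com", "www.microsoft.com"}
KNOWN_GOOD_CLSIDS = {
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}",  # Google toolbar
    "{8E718888-423F-11D2-876E-00A0C9082467}",  # IE Radio toolbar
}
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}

LINE_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
URL_RE = re.compile(r"https?://\S+")
# First executable-looking token after the "[name]" tag, quoted or not.
PATH_RE = re.compile(r'\]\s*"?(?P<path>[^"]*?\.(?:exe|dll|bat|cmd|scr|pif|com))\b', re.I)


@dataclass
class Entry:
    kind: str   # HJT section code, e.g. "O4"
    body: str   # everything after "O4 - "
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Keep only the R0-R3/Onn lines; the header and process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Entry(m.group("kind"), m.group("body")))
    return out


def assess(e: Entry) -> Entry:
    """Attach review flags using the patterns the thread's helper applied by hand."""
    body = e.body
    if e.kind in ("R0", "R1"):
        m = URL_RE.search(body)
        host = urlparse(m.group(0)).hostname if m else None
        if host and host not in EXPECTED_IE_HOSTS:
            e.flags.append(f"IE start/search setting points at {host}")
    elif e.kind in ("O2", "O3"):
        m = CLSID_RE.search(body)
        if not m or m.group(0).upper() not in KNOWN_GOOD_CLSIDS:
            e.flags.append("BHO/toolbar CLSID not on the known-good list")
    elif e.kind == "O4":
        m = PATH_RE.search(body)
        path = m.group("path") if m else ""
        if "?" in path:
            e.flags.append("unprintable character in autorun path (shown as '?')")
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES and "\\system32\\" not in path.lower():
            e.flags.append(f"{name} started from outside system32")
    elif e.kind == "O10":
        e.flags.append("Winsock LSP chain is broken")
    elif e.kind == "O15":
        e.flags.append("extra site in IE Trusted Zone")
    elif e.kind == "O16" and "downloader" in body.lower():
        e.flags.append("ActiveX downloader control registered")
    return e


def triage(text: str) -> List[Entry]:
    return [assess(e) for e in parse_log(text)]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "REVIEW" if e.flags else "  ok  "
        print(f"[{mark}] {e.kind} - {e.body[:70]}")
        for f in e.flags:
            print(f"           -> {f}")
```

A flag is a prompt to look, not a verdict: the O10 line here names a Citrix LSP (ctxnsp.dll) and sUBs does not include it in the fix list, so a human still decides what goes into "Fix checked". The allowlists are the part to adapt per machine; the Google toolbar line passes only because its CLSID is on KNOWN_GOOD_CLSIDS.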
Old 07-23-2006, 12:53 PM   #14
TSF Security Team
Emeritus
 
 
Join Date: May 2005
Posts: 26,363
OS: N/A


After you have posted the required logs, I shall require you to update your copy of Sun's Java. Older versions of Java have been identified as entry points for malware.

Updating Java and Clearing Cache
  1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
  3. If it is not visible, click on 'Switch to Classic View' in the left pane of the Control Panel or 'Other Control Panel Options'
  4. Please find the Update button or tab in the Java Control Panel. Update your Java then reboot.
  5. If you are unable to update you can manually update by going here:

    https://www.java.com/en/download/manual.jsp

  6. After the reboot, go back into the Control Panel and double-click the Java Icon.
  7. Under the Advanced Tab, click <Applet> tag support and select the browser(s) you are using.
  8. Under Temporary Internet Files, click the Delete Files button.
  9. There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  10. Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  11. Click OK to leave the Java Control Panel.
Old 07-23-2006, 03:37 PM   #15
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Most recent logs, doing the Java update now:



Logfile of HijackThis v1.99.1
Scan saved at 5:34:44 PM, on 7/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Keeney\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MetaFrame Password Manager Agent Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'ctxnsp.dll' missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - https://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - https://download.mcafee.com/molbin/is...81/mcfscan.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

________________


Start Time= Sun 07/23/2006 17:33:23.25
Running from: C:\hijack

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-23 17:09 <DIR> C:\Program Files\warcraft iii
2006-07-23 16:50 <DIR> C:\Program Files\winamp
2006-07-23 16:42 <DIR> C:\Program Files\ventsrv
2006-07-23 16:29 <DIR> C:\Program Files\quicktime
2006-07-23 16:28 <DIR> C:\Program Files\mozilla firefox
2006-07-23 16:28 <DIR> C:\Program Files\messenger
2006-07-23 16:28 <DIR> C:\Program Files\itunes
2006-07-23 16:28 <DIR> C:\Program Files\internet explorer
2006-07-23 16:28 <DIR> C:\Program Files\google
2006-07-23 16:27 <DIR> C:\Program Files\aim
2006-07-23 16:12 567 C:\WINDOWS\win.ini
2006-07-23 15:39 <DIR> C:\Program Files\internet optimizer
2006-07-23 15:39 <DIR> C:\Program Files\Common Files\{1452cd3a-081f-1033-0301-041021030001}
2006-07-23 15:05 <DIR> C:\Program Files\s?stem (sstem~1)
2006-07-23 14:59 <DIR> C:\Program Files\whinstall
2006-07-23 14:55 <DIR> C:\Program Files\cleanup!
2006-07-23 14:34 <DIR> C:\Documents and Settings\Keeney\Application Data\microsoft
2006-07-22 20:44 <DIR> C:\Program Files\online services
2006-07-22 20:44 <DIR> C:\Program Files\msn
2006-07-22 20:44 <DIR> C:\Program Files\common files
2006-07-22 20:43 <DIR> C:\Program Files\hijackthis
2006-07-22 17:22 <DIR> C:\Program Files\Common Files\fzwf
2006-07-22 16:38 <DIR> C:\Program Files\system icons
2006-07-12 10:09 <DIR> C:\Program Files\world of warcraft
2006-07-04 21:32 <DIR> C:\Program Files\starcraft
2006-07-02 13:08 <DIR> C:\Program Files\spybot - search & destroy
2006-07-02 12:43 94,208 C:\WINDOWS\scunin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\cmdlineext.dll
2006-07-02 11:57 <DIR> C:\Program Files\ubisoft
2006-07-02 11:57 <DIR> C:\Program Files\installshield installation information
2006-07-02 11:41 <DIR> C:\Program Files\divx
2006-07-02 11:40 <DIR> C:\Program Files\yahoo!
2006-07-02 11:40 <DIR> C:\Program Files\windows media player
2006-07-02 11:40 <DIR> C:\Program Files\support.com
2006-07-02 11:40 <DIR> C:\Program Files\diablo ii
2006-07-02 11:40 <DIR> C:\Program Files\dc++
2006-07-02 11:40 <DIR> C:\Program Files\Common Files\vbox
2006-07-02 11:40 <DIR> C:\Program Files\adobe
2006-05-30 18:09 24,576 C:\WINDOWS\uninstall.exe
2006-04-23 22:21 1,125 C:\WINDOWS\winamp.ini
2006-04-23 22:20 439,552 C:\WINDOWS\system32\perfstringbackup.ini


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-23 16:10 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-23 16:10 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-02 12:41 94,208 C:\WINDOWS\ScUnin.exe
2006-07-02 12:21 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-02 12:16 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-02 12:16 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-02 12:15 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-02 12:15 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-02 12:15 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-02 12:14 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-07-02 12:14 2,337,488 C:\WINDOWS\system32\d3dx9_25.dll
2006-07-02 12:14 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-02 12:14 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-02 12:14 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-02 12:14 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-02 12:14 2,222,800 C:\WINDOWS\system32\d3dx9_24.dll
2006-07-02 12:11 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-02 12:11 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-02 12:11 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-02 12:11 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-02 12:11 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-02 12:11 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-02 12:11 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-02 12:11 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-02 12:11 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-02 12:11 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-02 12:11 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-02 12:11 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-02 12:11 1,962,496 C:\WINDOWS\system32\quartz.dll
2006-07-02 12:11 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-02 12:11 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-02 12:11 1,201,152 C:\WINDOWS\system32\d3d8.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMixerTray"="C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NvMixerTray.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder

Completion time: Sun 07/23/2006 17:33:36.45
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
ComboFix2.txt
ComboFix3.txt


backup-20060723-151022-362.dll;C:\Documents and Settings\Keeney\Desktop\backups;Adware.BetterInternet;Incurable.Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;Incurable.Moved.;
Update.exe;C:\Program Files\Common Files\{1452CD3A-081F-1033-0301-041021030001};Trojan.Starter.65;Deleted.;
optimize.exe;C:\Program Files\Internet Optimizer;Trojan.Dyfuca;Deleted.;
podemahez.dll;C:\Program Files\Online Services;Adware.Dh;Incurable.Moved.;
amm06.ocx;C:\WINDOWS;Adware.MediaMotor;Incurable.Moved.;
netlanm.dll;C:\WINDOWS\system32;Adware.SafeSurf;Incurable.Moved.;
nsn9E.dll;C:\WINDOWS\system32;Adware.Ezula;Incurable.Moved.;

Hoggle is offline  
Old 07-23-2006, 03:38 PM   #16


Incident Status Location

Spyware:spyware/safesurf Not disinfected c:\windows\system32\pdrpdb.dll
Adware:adware/dyfuca Not disinfected c:\program files\Internet Optimizer
Adware:adware/webhancer Not disinfected c:\program files\whInstall
Adware:adware/outerinfo Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/stiebar Not disinfected Windows Registry
Adware:adware/gator Not disinfected Windows Registry
Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\RDFX4.exe
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.com.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.adtech.de/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Keeney\Application Data\Mozilla\Firefox\Profiles\saxgg0f4.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Keeney\Cookies\[email protected][2].txt
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Keeney\DoctorWeb\Quarantine\amm06.ocx
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Keeney\DoctorWeb\Quarantine\netlanm.dll
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Keeney\DoctorWeb\Quarantine\podemahez.dll
Potentially unwanted tool:Application/Bestoffer Not disinfected C:\Documents and Settings\Keeney\Local Settings\Tempbooteula.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{1452CD3A-081F-1033-0301-041021030001}\services.dll
Adware:Adware/WebHancer Not disinfected C:\Program Files\whInstall\whAgent.inf
Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\InstallerV5.exe[ExtractDLL.dll]
Hoggle is offline  
Old 07-23-2006, 03:42 PM   #17
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Please post the log produced by sUBs.bat. It should be located on the Desktop.
sUBs is offline  
Old 07-23-2006, 03:50 PM   #18
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Oops, forgot that one:

C:\WINDOWS\system32\redist.dll .......... present
C:\WINDOWS\system32\redist.dll .......... deleted

C:\visfx500new.exe .......... present
C:\visfx500new.exe .......... deleted

C:\WINDOWS\cfg32o.dll .......... present
C:\WINDOWS\cfg32o.dll .......... deleted

C:\WINDOWS\cfg32p.dll .......... present
C:\WINDOWS\cfg32p.dll .......... deleted

C:\WINDOWS\cfg32r.dll .......... present
C:\WINDOWS\cfg32r.dll .......... deleted

C:\WINDOWS\cfg32s.dll .......... present
C:\WINDOWS\cfg32s.dll .......... deleted

C:\WINDOWS\media_motor_bundle.exe .......... present
C:\WINDOWS\media_motor_bundle.exe .......... deleted

C:\WINDOWS\mm06y.ini .......... present
C:\WINDOWS\mm06y.ini .......... deleted

C:\WINDOWS\optimize.exe .......... present
C:\WINDOWS\optimize.exe .......... deleted

C:\WINDOWS\phjdqshq.exe .......... present
C:\WINDOWS\phjdqshq.exe .......... deleted

C:\WINDOWS\pop06ap2.exe .......... present
C:\WINDOWS\pop06ap2.exe .......... deleted

C:\WINDOWS\system32\di32gt.dll .......... present
C:\WINDOWS\system32\di32gt.dll .......... deleted

C:\WINDOWS\system32\dicprop2.dll .......... present
C:\WINDOWS\system32\dicprop2.dll .......... deleted

C:\WINDOWS\system32\hr6u05j9e.dll .......... present
C:\WINDOWS\system32\hr6u05j9e.dll .......... deleted

C:\WINDOWS\system32\icon_mediamotor.exe .......... present
C:\WINDOWS\system32\icon_mediamotor.exe .......... deleted

C:\WINDOWS\system32\ir08l5du1.dll .......... present
C:\WINDOWS\system32\ir08l5du1.dll .......... deleted

C:\WINDOWS\system32\irssyncd.exe .......... present
C:\WINDOWS\system32\irssyncd.exe .......... deleted

C:\WINDOWS\system32\redistributor.exe .......... present
C:\WINDOWS\system32\redistributor.exe .......... deleted

C:\WINDOWS\system32\semsg.dll .......... present
C:\WINDOWS\system32\semsg.dll .......... deleted

C:\WINDOWS\system32\tdopfsgr.exe .......... present
C:\WINDOWS\system32\tdopfsgr.exe .......... deleted

C:\WINDOWS\system32\ts_mediamotor.exe .......... present
C:\WINDOWS\system32\ts_mediamotor.exe .......... deleted

C:\WINDOWS\system32\wovdmod.dll .......... present
C:\WINDOWS\system32\wovdmod.dll .......... deleted

C:\WINDOWS\unstall.exe .......... present
C:\WINDOWS\unstall.exe .......... deleted

C:\WINDOWS\whCC-GIANT.exe .......... present
C:\WINDOWS\whCC-GIANT.exe .......... deleted

C:\WINDOWS\wnu_224.exe .......... present
C:\WINDOWS\wnu_224.exe .......... deleted
Hoggle is offline  
Old 07-23-2006, 03:53 PM   #19
Guest
 
Join Date: Jul 2006
Posts: 17
OS:


Done w/ Java updates
Hoggle is offline  
Old 07-23-2006, 04:00 PM   #20
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A


Have another sUBs.bat for you to run.

You can run this immediately after downloading it. No need for safe mode.
sUBs is offline  