Discussion Starter · #1 ·
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\My Music\My Playlists\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125187124218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125191070078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
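The log above is HijackThis 1.99 output, and helpers read it by section: R0/R1 are Internet Explorer start and search page values, O2 are Browser Helper Objects, O4 are Run keys and Startup-folder items, O16 are ActiveX controls in Downloaded Program Files, O23 are services. The following is an added example, not part of this thread and not HijackThis code: a parser for those line formats plus a few triage heuristics. The sample lines are copied from the log above; the heuristics and the "expected directories" list are the editor's own assumptions and are only a starting point for manual review.

```python
"""Parse HijackThis 1.99-style log lines into records and run a few triage
heuristics over them. Added example for this thread (not HijackThis code);
the sample lines are copied from the log in post #1, the heuristics are
the editor's own and are only a starting point for a manual review."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""


@dataclass
class Entry:
    section: str                 # R0, R1, O2, O4, O16, O23, ...
    name: str                    # value name, BHO name, Run entry, service name
    target: str                  # command line, file path or URL
    hive: str = ""               # HKLM / HKCU where the line carries one
    notes: list = field(default_factory=list)


# Each pattern yields (section, hive, name, target) or (section, name, target).
_PATTERNS = [
    re.compile(r"^(R[0-3]) - (HK\w+)\\.+?,(.+?) =\s*(.*)$"),
    re.compile(r"^(O4) - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$"),
    re.compile(r"^(O4) - Global Startup: (.+?) = (.*)$"),
    re.compile(r"^(O[239]) - (?:BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
               r"(.+?) - \{[0-9A-Fa-f-]+\} - (.*)$"),
    re.compile(r"^(O16) - DPF: \{[0-9A-Fa-f-]+\} \((.+?)\) - (.*)$"),
    re.compile(r"^(O23) - Service: (.+?) - .+? - (.*)$"),
]
_EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|com|bat|pif))(?=[\s,]|$)", re.I)


def exe_from_command(cmd: str) -> str:
    """Pull the file that actually executes out of a Run-key command line:
    quoted paths, unquoted paths containing spaces, and rundll32 host lines."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head = cmd.split(None, 1)
    if head and head[0].lower() in ("rundll32", "rundll32.exe") and len(head) > 1:
        # rundll32 <dll>,<entrypoint> [args]: the DLL is the real payload
        return exe_from_command(head[1].split(",", 1)[0])
    m = _EXT_RE.match(cmd)
    return m.group(1) if m else (head[0] if head else cmd)


def parse_log(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for pat in _PATTERNS:
            m = pat.match(line)
            if m:
                g = m.groups()
                if len(g) == 4:
                    entries.append(Entry(g[0], g[2], g[3], hive=g[1]))
                else:
                    entries.append(Entry(g[0], g[1], g[2]))
                break
    return entries


# Assumption: where autorun binaries are normally expected on this XP box.
_EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")


def triage(e: Entry) -> Entry:
    """Attach review notes; a note means 'look at this', not 'malicious'."""
    if e.section == "O4":
        exe = exe_from_command(e.target)
        if "\\" not in exe:
            e.notes.append(f"bare filename {exe!r}: resolved via PATH/App Paths, locate the real file")
        elif not exe.lower().startswith(_EXPECTED_DIRS):
            e.notes.append(f"{exe!r} runs from outside Program Files / system32")
        if e.hive == "HKCU":
            e.notes.append("per-user Run key: writable without admin rights")
    elif e.section in ("R0", "R1") and e.target:
        e.notes.append(f"browser start/search setting points at {urlparse(e.target).netloc}")
    elif e.section == "O16":
        e.notes.append(f"ActiveX control installable from {urlparse(e.target).netloc}")
    elif e.section == "O2":
        e.notes.append("BHO: loads into every Internet Explorer process")
    return e


def triage_log(text: str) -> dict[str, list[str]]:
    """Map 'section:name' -> notes for every entry that drew a note."""
    return {f"{e.section}:{e.name}": e.notes
            for e in map(triage, parse_log(text)) if e.notes}


if __name__ == "__main__":
    for key, notes in triage_log(SAMPLE_LOG).items():
        print(key)
        for note in notes:
            print("   -", note)
```

Run against the sample, the Dit entry is flagged for having no path (the process list at the top shows it as C:\WINDOWS\Dit.exe, which is where to go look), Shareaza is flagged as a per-user autorun, and the NVIDIA, SQL Server and Lexmark entries pass without comment. A note is a prompt to look, not a verdict; the same heuristics fire on plenty of legitimate software.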
 

Fix the following in HJT.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/


Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Perform an online scan in Internet Explorer with Panda ActiveScan

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now'. This begins downloading Panda's ActiveX controls (8MB).
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

Discussion Starter · #3 ·
Antispyware.log-
Started Scanning
Internet Cookies
Found 'unicast.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'adultfriendfinder.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'sextracker.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'citi.bridgetrack.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'perf.overture.com' in 'Internet Explorer Cache'
Found 'serving-sys.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'Software\Dvx'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMVLite'
Found '' in 'SOFTWARE\Winad Client'
Found '' in 'SOFTWARE\Homepage Protector'
Found '' in 'Interface\{E39F03B3-5532-460B-B70B-CDB68E0C72F7}'
Found '' in 'SOFTWARE\Classes\Interface\{E39F03B3-5532-460B-B70B-CDB68E0C72F7}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Found '' in 'Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}'
Found '' in 'Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}'
Found '' in 'TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}'
Found '' in 'SOFTWARE\Classes\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}'
Found '' in 'SOFTWARE\Classes\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}'
Found '' in 'SOFTWARE\Classes\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}'
Internet URL Shortcuts
Found 'Betting.lnk' in 'C:\Documents and Settings\Owner\Favorites\Fun & Games\'
Found 'Casino.lnk' in 'C:\Documents and Settings\Owner\Favorites\Fun & Games\'
Found 'Casino Palace.lnk' in 'C:\Documents and Settings\Owner\Favorites\Fun & Games\'
Found 'Games.lnk' in 'C:\Documents and Settings\Owner\Favorites\Fun & Games\'
Found 'Horoscope.lnk' in 'C:\Documents and Settings\Owner\Favorites\Fun & Games\'
Found 'Air Tickets.lnk' in 'C:\Documents and Settings\Owner\Favorites\Going Places\'
Found 'Car Rentals.lnk' in 'C:\Documents and Settings\Owner\Favorites\Going Places\'
Found 'Hotel Deals.lnk' in 'C:\Documents and Settings\Owner\Favorites\Going Places\'
Found 'Luggage.lnk' in 'C:\Documents and Settings\Owner\Favorites\Going Places\'
Found 'Travel.lnk' in 'C:\Documents and Settings\Owner\Favorites\Going Places\'
Found 'Dating.lnk' in 'C:\Documents and Settings\Owner\Favorites\Living\'
Found 'Find a Degree.lnk' in 'C:\Documents and Settings\Owner\Favorites\Living\'
Found 'Find a job.lnk' in 'C:\Documents and Settings\Owner\Favorites\Living\'
Found 'Home.lnk' in 'C:\Documents and Settings\Owner\Favorites\Living\'
Found 'Insurance.lnk' in 'C:\Documents and Settings\Owner\Favorites\Living\'
Found 'Auctions.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Books.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Computers.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Discount.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Flowers.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Golf.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Jewelry.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Movies.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Music.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Online Store.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Perfume.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Sleepwear.lnk' in 'C:\Documents and Settings\Owner\Favorites\Shop\'
Found 'Adware Remover.lnk' in 'C:\Documents and Settings\Owner\Favorites\Technology\'
Found 'Anti-Virus.lnk' in 'C:\Documents and Settings\Owner\Favorites\Technology\'
Found 'PC Cleaner.lnk' in 'C:\Documents and Settings\Owner\Favorites\Technology\'
Found 'Tech & gadgets.lnk' in 'C:\Documents and Settings\Owner\Favorites\Technology\'
Files and Directories
Found '281.dfn' in 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts'
Found '286.dfn' in 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts'
Found 'delfinAF.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinBD.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinCO.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinDL.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinED.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinID.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinKY.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinLD.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinSI.edx' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinST.ebd' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found 'delfinTG.ebd' in 'C:\Documents and Settings\All Users\Application Data\wsxs'
Found '' in 'C:\Documents and Settings\Owner\Local Settings\Temp\vmstmp'
Found '' in 'C:\Program Files\joystick networks'
Found 'celebs.ico' in 'C:\Program Files\joystick networks\setup'
Found 'gamesjoy.ico' in 'C:\Program Files\joystick networks\setup'
Found 'joystick.ico' in 'C:\Program Files\joystick networks\setup'
Found '0D69F9C6-1C35-47C1-9B45-8EAD6A' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1D066854-DF26-4E1F-BB59-3A57B0'
Found 'C76344FB-7921-4034-948E-B6397F' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\61FF41B2-7268-4B7F-9CD0-F23278'
Found 'C831D016-4E01-4C80-A11C-B860C5' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\A27B724B-E1CC-4872-8BD7-79E225'
Found 'Date.ico' in 'C:\WINDOWS\system32'
Found 'network.ico' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\281.dfn' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\281.dfn' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\281.dfn'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\286.dfn' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\286.dfn' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\Adverts\286.dfn'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinAF.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinAF.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinAF.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinBD.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinBD.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinBD.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinCO.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinCO.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinCO.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinDL.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinDL.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinDL.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinED.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinED.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinED.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinID.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinID.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinID.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinKY.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinKY.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinKY.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinLD.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinLD.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinLD.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinSI.edx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinSI.edx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinSI.edx'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinST.ebd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinST.ebd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinST.ebd'
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinTG.ebd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinTG.ebd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\wsxs\delfinTG.ebd'
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\vmstmp' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Local Settings\Temp\vmstmp' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Local Settings\Temp\vmstmp'
Checking for 'C:\Program Files\joystick networks' in shortcut areas.
Checking for 'C:\Program Files\joystick networks' in startup areas.
Cleaning 'C:\Program Files\joystick networks'
Checking for 'C:\Program Files\joystick networks\setup\alienicon.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\alienicon.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\alienicon.ico'
Checking for 'C:\Program Files\joystick networks\setup\celebs.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\celebs.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\celebs.ico'
Checking for 'C:\Program Files\joystick networks\setup\gamesjoy.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\gamesjoy.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\gamesjoy.ico'
Checking for 'C:\Program Files\joystick networks\setup\imgiant.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\imgiant.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\imgiant.ico'
Checking for 'C:\Program Files\joystick networks\setup\joystick.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\joystick.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\joystick.ico'
Checking for 'C:\Program Files\joystick networks\setup\celebs.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\celebs.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\celebs.ico'
[SCANMODS] The file 'C:\Program Files\joystick networks\setup\celebs.ico' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\joystick networks\setup\gamesjoy.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\gamesjoy.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\gamesjoy.ico'
[SCANMODS] The file 'C:\Program Files\joystick networks\setup\gamesjoy.ico' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\joystick networks\setup\joystick.ico' in shortcut areas.
Checking for 'C:\Program Files\joystick networks\setup\joystick.ico' in startup areas.
Cleaning 'C:\Program Files\joystick networks\setup\joystick.ico'
[SCANMODS] The file 'C:\Program Files\joystick networks\setup\joystick.ico' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1D066854-DF26-4E1F-BB59-3A57B0\0D69F9C6-1C35-47C1-9B45-8EAD6A' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1D066854-DF26-4E1F-BB59-3A57B0\0D69F9C6-1C35-47C1-9B45-8EAD6A' in startup areas.
Cleaning 'C:\Program Files\Microsoft AntiSpyware\Quarantine\1D066854-DF26-4E1F-BB59-3A57B0\0D69F9C6-1C35-47C1-9B45-8EAD6A'
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\61FF41B2-7268-4B7F-9CD0-F23278\C76344FB-7921-4034-948E-B6397F' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\61FF41B2-7268-4B7F-9CD0-F23278\C76344FB-7921-4034-948E-B6397F' in startup areas.
Cleaning 'C:\Program Files\Microsoft AntiSpyware\Quarantine\61FF41B2-7268-4B7F-9CD0-F23278\C76344FB-7921-4034-948E-B6397F'
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\A27B724B-E1CC-4872-8BD7-79E225\C831D016-4E01-4C80-A11C-B860C5' in shortcut areas.
Checking for 'C:\Program Files\Microsoft AntiSpyware\Quarantine\A27B724B-E1CC-4872-8BD7-79E225\C831D016-4E01-4C80-A11C-B860C5' in startup areas.
Cleaning 'C:\Program Files\Microsoft AntiSpyware\Quarantine\A27B724B-E1CC-4872-8BD7-79E225\C831D016-4E01-4C80-A11C-B860C5'
Checking for 'C:\WINDOWS\system32\Date.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\Date.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\Date.ico'
Checking for 'C:\WINDOWS\system32\network.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\network.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\network.ico'

Active Scan-

Incident Status Location

Spyware:spyware/dyfuca No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cfout.txt
Adware:adware/ist.istbar No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\shortcuts.txt
Adware:adware/popuper No disinfected C:\WINDOWS\SYSTEM32\hhk.dll
Adware:adware/virmaid No disinfected C:\WINDOWS\SYSTEM32\ole32vbs.exe
Adware:adware/toprebates No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/delfinmedia No disinfected C:\keys.ini
Adware:adware/exact.bargainbuddy No disinfected C:\WINDOWS\msxct1.ini
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/cws No disinfected C:\Documents and Settings\Owner\Favorites\Fun & Games
Adware:adware/savenow No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vmss
Spyware:spyware/media-motor No disinfected Windows Registry
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\m67m.inf
Spyware:Spyware/Media-motor No disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\4A872F0B-06A9-483E-A36E-99C58A.asq
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\20BB2F97-4AB3-48CD-999E-380676\483DDEB7-5123-4D40-AC10-162AB4
Adware:Adware/WUpd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8757CCEC-06DE-4295-A189-229932\C91904FE-CFE5-4BAB-8B60-D5B571
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
 

TSF Security Team, Emeritus
Hi and Welcome to TSF

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and that it's installed in its own folder on the root drive. (C:\HJT)

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Open MS AntiSpyware program and purge/delete everything in the Quarantine folder.

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINDOWS\SYSTEM32\hhk.dll
C:\WINDOWS\SYSTEM32\ole32vbs.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
C:\keys.ini
C:\WINDOWS\msxct1.ini
C:\WINDOWS\usta33.ini
C:\Documents and Settings\Owner\Favorites\Fun & Games
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vmss
C:\WINDOWS\Downloaded Program Files\WinadX.inf


Once you reboot...run another Panda scan and post its log.
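"Delete on Reboot" in KillBox-type tools is ordinarily built on the same mechanism as MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT: the request is queued as a pair of strings in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, and the session manager carries it out early in the next boot, before whatever normally holds the file open has started. Source paths are stored in NT form (\??\C:\...), an empty destination means delete, and a destination prefixed with '!' is the convention MoveFileEx records for MOVEFILE_REPLACE_EXISTING. As an added example (editor's code, not KillBox's, and not taken from this thread), the following encodes such a queue from four of the paths in the list above and parses one back. It also shows why a generic REG_MULTI_SZ reader, Python's winreg included, truncates this value: the empty destination string is indistinguishable from the list terminator, so the value has to be parsed from its raw bytes as pairs. Reading this value is a worthwhile incident-response check in its own right, since anything with write access to that key, not only cleanup tools, can queue a move or delete here.

```python
"""Build and read the Session Manager\\PendingFileRenameOperations value
that backs "delete on reboot". Added example for this thread, not KillBox
code; the sample paths are taken from the KillBox list in the post above."""
NT_PREFIX = "\\??\\"


def to_nt_path(win32_path: str) -> str:
    """MoveFileEx records Win32 paths in NT object-namespace form."""
    return win32_path if win32_path.startswith(NT_PREFIX) else NT_PREFIX + win32_path


def from_nt_path(nt_path: str) -> str:
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def encode_pending(ops: list[tuple[str, str]]) -> bytes:
    """Encode (source, destination) pairs as REG_MULTI_SZ bytes.
    Empty destination = delete; destination starting with '!' = replace an
    existing file (what MoveFileEx writes for MOVEFILE_REPLACE_EXISTING)."""
    items = []
    for src, dst in ops:
        items.append(to_nt_path(src))
        if dst == "":
            items.append("")
        elif dst.startswith("!"):
            items.append("!" + to_nt_path(dst[1:]))
        else:
            items.append(to_nt_path(dst))
    # REG_MULTI_SZ: each string NUL-terminated, then one more NUL.
    text = "".join(item + "\0" for item in items) + "\0"
    return text.encode("utf-16-le")


def decode_pending(data: bytes) -> list[tuple[str, str]]:
    """Parse the raw value bytes as source/destination pairs, tolerating the
    empty strings that a generic MULTI_SZ reader would treat as the end."""
    s = data.decode("utf-16-le")
    if s.strip("\0") == "":
        return []
    if not s.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ data is not double-NUL terminated")
    items = s[:-1].split("\0")[:-1]      # drop list terminator, then split
    if len(items) % 2:
        raise ValueError("expected source/destination pairs")
    return [(items[i], items[i + 1]) for i in range(0, len(items), 2)]


def describe(pairs: list[tuple[str, str]]) -> list[str]:
    """Human-readable summary of what the session manager will do at boot."""
    lines = []
    for src, dst in pairs:
        if dst == "":
            lines.append(f"delete  {from_nt_path(src)}")
        elif dst.startswith("!"):
            lines.append(f"replace {from_nt_path(dst[1:])} with {from_nt_path(src)}")
        else:
            lines.append(f"move    {from_nt_path(src)} -> {from_nt_path(dst)}")
    return lines


def naive_multi_sz(data: bytes) -> list[str]:
    """How a generic REG_MULTI_SZ reader (Python's winreg included) sees the
    same bytes: it stops at the first empty string, i.e. at the first delete."""
    out = []
    for item in data.decode("utf-16-le").split("\0"):
        if item == "":
            break
        out.append(item)
    return out


# Constructed sample: four of the paths from the KillBox list above.
SAMPLE_OPS = [
    (r"C:\WINDOWS\SYSTEM32\hhk.dll", ""),
    (r"C:\WINDOWS\SYSTEM32\ole32vbs.exe", ""),
    (r"C:\WINDOWS\Downloaded Program Files\WinadX.inf", ""),
    (r"C:\keys.ini", ""),
]

if __name__ == "__main__":
    blob = encode_pending(SAMPLE_OPS)
    for line in describe(decode_pending(blob)):
        print(line)
    print("generic MULTI_SZ reader sees:", naive_multi_sz(blob))
```

The naive reader returns only the first source path, which is exactly the failure mode to expect when a script "checks" this value with a standard registry API and reports nothing pending. Two of the entries in the list above are directories (the Favorites\Fun & Games folder and the vmss folder); the example sticks to files, since what the session manager does with a non-empty directory in this queue is not something this thread establishes.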
 