Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please please please help

Started by kiddiekarpets , Feb 01 2006 08:28 PM

  • This topic is locked This topic is locked
26 replies to this topic

#16 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 03 February 2006 - 02:51 PM

Almost there

Download THIS file to your desktop.

Right-click on the deldomains.inf file and select 'Install'

Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.</PRE></BODY></HTML>

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

    Advertisements

Register to Remove

#17 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 03 February 2006 - 05:27 PM

Here is the ewido scan. It kept saying (whatever file) cannot be removed because it is embedded in the archive C:/Documents and Settings/Owner/ (whatever the file). Do you want to remove the whole archive?
I didn’t know how to answer this. It kept asking for each infected file. I hit no, but I probably wanted yes, huh?
Anyway, I restarted in normal mode, and below the ewido log, is a new hijack this.





ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:08:15 PM, 2/3/2006
+ Report-Checksum: C4706D59

+ Scan result:

C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Complete\1Click DVD Copy 4.2.1.3.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\2 Flash Games.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\214 Msn Winks.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\2Pac - Loyal to the.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\30 Flash Template.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\3D MP3 Sound Recorder 3.8.12.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\500 Albums In MP3 Format.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\ACDSee 8.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\ACID Pro 5.0c.345.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Acrobat Reader 7.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Audition 1.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS Classroom In A Book.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Premiere 6 Bible.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Advanced Security Administrator 10.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Autodesk Architectural Desktop 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\AutoShutdown Pro 4.7.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\AV4 Customer Management System Professional 5.7.14.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\avast! Professional Edition 4.6.691.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Axialis IconWorkshop 5.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Bandwith Monitor 2.8b605.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Baygenie 1.1.0.2 for EBay.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Black &amp; White 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Black and Gray Icons.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Black And White 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\BMP ICO Converter 1.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Chameleon Clock 3.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\CopyToDVD 3.0.34.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DFX Audio Enhancer 7.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DivX Pro 6.09 Bundle.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DivXToDVD 1.99.14.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DivXToDVD 1.99.20.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DVDInfoPro 4.32.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Dynamic Submission Enterprise 7.2.23.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Easy Resume Creator Pro 4.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\EasyFile Sharing Web Server 3.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Fast Defrag Professional 2.25.96 SP2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\FIFA '06.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\FileMerlin 5.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Flash Decompiler 2.0.0.231.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\GerbTool 14.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Hide IP Platinum 1.75.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Hide-IP.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Internet Explorer 7 Beta 1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Internet ScreenSaver Builder 5.10.040901.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\IpInterceptor 2.1.9.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Kaspersky Anti-Virus Personal 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Kaspersky Anti-Virus Personal 5.0.153.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Kerio Personal Firewall 4.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Lavasoft Ad-Aware Pro 1.06.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Learn Microsoft Visual C++ 6.0 Now.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.6.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.9.19.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.9.30.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Lord of War.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Macromedia.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Magic Utilities 2005 3.60.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\MagicTweak 3.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\McAfee AntiSpyware 2006 Premium.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\McAfee AntiSpyware 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\McAfee ePolicy Orchestrator 3.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\McAfee Internet Security Suite 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\MedianSoft Joiner-Converter 2.7.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Metallica - Master of puppets.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Office Pro 2003 (5in1).zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Microsoft Plus Digital Media.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Microsoft Windows Vista Beta 1 - 22082.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Microsoft Windows XP Tools 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Midi for Mobiles.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Mind Technologies Visual Mind 7.0.1.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MindSoft Utilities XP 8.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\mIRC 6.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MonitorIT 7.0.21.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Movie DVD Maker 1.3.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Mozilla Firefox 1.5 Beta 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\MS Office FrontPage 2003.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\My Drivers 3.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Nero 6.6.0.16 Reloaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7 Premium.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Nero 7 Ultra Edition (Origional one).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7.0 Ultra.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\No1 DVD Audio Ripper 1.0.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nokia 6230 - 72 Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Norton Ghost 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Norton internet security 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Norton PartitionMagic 8.05.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Object Desktop Suite 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\OffsiteSync 3.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\One Click CD DVD Writer 1.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Open Dir - 9 Albums.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Opera 8.50.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Panda Antivirus Platinum 7.07.01 + Update Virus Base.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Panda Antivirus Platinum 7.07.01.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Panda Titanium Antivirus 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Paragon Disk Wiper Professional 5.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PC Auto Shutdown 1.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PC Repair v 2.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PC Security Suite 4.02.8.30.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PCSentinel Software Busted Instant Message Monitor 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PCSentinel Software Red Handed Instant Message Monitor 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PCSentinel Software Smoking Gun Keylogger 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PDF Tools.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Perfect Keylogger 1.6.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Photodex ProShow Producer Version 2.51.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PhotoDVD 2.013.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Photoshop Restoration &amp; Retouching.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\PowerArchiver 2004 9.02.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Premium Clock 2.30.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Privacy Shield 3.0.12.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Quick View Plus 8.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\RAM Saver Pro 4.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\RealPlayer 10.5 Gold.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Recover My Files 3.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Registry Help Pro 1.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Registry Mechanic 3.0.3.44.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Revenant.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Roxio Photosuite 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ShadowUser Professional 2.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SpyRemover 2.27.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\SpyRemover 2.43.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Spyware Doctor 2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Spyware Doctor 3.2.1.359.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\StompSoft Firewall X-treme 3.1.8.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\StompSoft StealthSurf X-treme 1.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\StopPop.net 2.07.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\StyleXP - Male - Female - Update Fix.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Super DVD Factory 5.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Symantec Norton AntiVirus 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Symantec Norton Ghost 9.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Symantec Norton GoBack 4.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Symantec Norton SystemWorks 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\System Mechanic Professional 5.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\System Mechanic Professional 5.5b.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Trial-Reset 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tunebite 2.0.1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ultra DVD Creator 1.3.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Ultra MPEG To DVD Burner 1.3.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Virtual CD 7.1.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vista look for XP.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Visual Business Cards 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Zip Password Recovery 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan Professional Edition 8.3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Builder Deluxe 2.4.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Web Cache Illuminator 4.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Webroot Spy Sweeper 4.5.3.560.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WebSeeker 5.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Windows XP Generic Activator and Tweaker.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinDVD Platinum 7.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinHex 12.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinImage Professional 7.0h.7009.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinPatrol 9.7.4.0 Plus.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinTools.net Pro 6.3.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WinZip 10.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\WordOMatic 1.1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XoftSpy 3.44.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\XoftSpy 4.15.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\xp-AntiSpy 3.95.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\XPCSpy Pro 2.54.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\YetiSport 1-8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ZoneAlarm Pro 6.0.667.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Upload\Suspect SpyWare - 1091693413.ssb/C:\WINDOWS\system32\SahAgent.exe -> Adware.SAHA : Error during cleaning
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\pz.exe/trofkz.REG -> Trojan.LowZones.a : Cleaned with backup
C:\pz.exe/w.html -> Spyware.Hijacker.Generic : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup


::Report End

HIJACKTHIS LOG::
Logfile of HijackThis v1.99.1
Scan saved at 6:24:30 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

#18 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 03 February 2006 - 10:35 PM

Please look at the thread below. Can you see if you have any of the files it shows and then let me know please.

http://www.viruslist...a?virusid=86228

#19 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 04 February 2006 - 11:32 AM

Hi, I don't mean to sound stupid, but where would I find these files if I had them? If you could tell me how to locate them, I can let you know. thanks for your patience!

#20 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 February 2006 - 09:24 PM

Click on start, my compter, then c and look for these and let me know if they are there. C:\s.tmp C:\a.zip

#21 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 05 February 2006 - 11:59 AM

HI, I don't think I have any on the list. I do have one folder called tmp, when double clicking it, it opens 4 icons within the folder. One says CL Text Document, one says FullInstall Text Document, one says libcurl.dll, and the last says, UI_default_install. I don't know what any of them are, or if they are good or bad. But I think that is the only quesionable file. Ronda

#22 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 February 2006 - 12:04 PM

Download CCleaner from here >>>>> http://www.majorgeek...wnload4191.html

Save it to your desktop. Open CCleaner and click on "run cleaner" at the bottom right.

#23 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 05 February 2006 - 02:52 PM

Ok,
I downloaded CCCleaner, and ran it, and printed a new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:50:48 PM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#24 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 February 2006 - 08:21 PM

You can have hijckthis remove this line O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file) The reboot. How is it running after the reboot?

#25 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 06 February 2006 - 08:31 AM

Okay, I had hijackthis remove that line, and then rebooted. I use Bellsouth DSL and it seems just as fast as before. No pop ups, no redirecting. I use Mozilla, and that seems fine also. Everything seems good. :D What do I do with all the stuff I downloaded to my computer? What stays and what goes? Also, what can I do to prevent this mess in the future? Thanks so much!!!!!!

    Advertisements

Register to Remove

#26 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 February 2006 - 10:18 PM

If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. In my signature below is also a tutorial on how to harden IE, a good read and very helpful to stop these things in the future. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.

Safe Surfing. :D

#27 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 February 2006 - 10:18 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·