Check my log please.


  • This topic is locked
15 replies to this topic

#1 lazyvista

Posted 30 January 2006 - 06:29 PM

Here is my log file. Could someone let me know what I should get rid of? Popups are killing my PC.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:27:13 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\rrvaajg.exe
C:\WINDOWS\system32\141D181E1E211D.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\newfrn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: (no name) - {7291AA5B-60C9-4B3F-B063-6E2313CCCFCD} - C:\WINDOWS\system32\ilk.dll
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [j0] C:\documents and settings\aol user\local settings\temp\j0.exe
O4 - HKLM\..\Run: [eDAhB.exe] c:\windows\system32\eDAhB.exe
O4 - HKLM\..\Run: [bydrpb] c:\windows\system32\skiwti.exe
O4 - HKLM\..\Run: [xxmdhg] c:\windows\system32\sakqpd.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Jumbo Updater] C:\WINDOWS\system32\jumb.exe
O4 - HKLM\..\Run: [hiurewrA] C:\WINDOWS\hiurewrA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [rrvaajg] C:\WINDOWS\rrvaajg.exe
O4 - HKLM\..\Run: [515A555B5B5E5A59] 141D181E1E211D.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinmsap.exe CORN001
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ios8RScnX] mp4skrnl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinmsap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hiurewr.exe (file missing)


#2 little eagle

Posted 05 February 2006 - 11:15 PM

Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido. There should be an icon on your desktop; double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here, with a new HijackThis log.

#3 lazyvista

Posted 06 February 2006 - 06:21 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:17:05 PM, 2/6/2006
+ Report-Checksum: 8383CCC5

+ Scan result:
Games\Cookies\grandkid games@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@www.adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Grandkid Games\Cookies\grandkid games@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\Documents and Settings\Grandkid Games\Local Settings\Temporary Internet Files\Content.IE5\QB9QUW99\newfrn[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup 
C:\Documents and Settings\Z Admin\Cookies\z admin@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\n.exe -> Downloader.Small.cdy : Cleaned with backup C:\new.exe -> Trojan.Small.gf : Cleaned with backup C:\Program Files\CMSystem\plugin.dll -> Spyware.CASClient : Cleaned with backup C:\Program Files\Common Files\iqkm\iqkma.exe -> Downloader.TSUpdate.l : Cleaned with backup C:\Program Files\Common Files\iqkm\iqkml.exe -> Downloader.TSUpdate.j : Cleaned with backup C:\Program Files\Common Files\iqkm\iqkmm.exe -> Downloader.TSUpdate.k : Cleaned with backup C:\Program Files\Common Files\iqkm\iqkmp.exe -> Spyware.Xupiter : Cleaned with backup C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup C:\Program Files\sf\sf.exe -> Downloader.Small.hs : Cleaned with backup C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup C:\RECYCLER\S-1-5-21-329068152-1957994488-725345543-1006\Dc82.exe -> Adware.DownloadWare : Cleaned with backup C:\RECYCLER\S-1-5-21-329068152-1957994488-725345543-1006\Dc83.exe -> Downloader.Adload.k : Cleaned with backup C:\setup1022.exe -> Spyware.UrlSpy.b : Cleaned with backup C:\system.exe -> Spyware.WinFetcher.b : Cleaned with backup C:\WINDOWS\aac.exe -> 
Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\bzakbgr.exe -> Dropper.Agent.mu : Cleaned with backup C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe -> Not-A-Virus.Downloader.Agent.e : Cleaned with backup C:\WINDOWS\dslife.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\exactoffernew.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\msaccrt.exe -> Backdoor.Agent.kb : Cleaned with backup C:\WINDOWS\newfrn.exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\nexus8.exe -> Trojan.Imiserv.c : Cleaned with backup C:\WINDOWS\offun.exe -> Downloader.VB.hw : Cleaned with backup C:\WINDOWS\opmrket.exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\rrvaajg.exe -> Downloader.VB.hj : Cleaned with backup C:\WINDOWS\syss32.exe -> Backdoor.IRCBot.jl : Cleaned with backup C:\WINDOWS\system32\141D181E1E211D.exe -> Trojan.VB.aft : Cleaned with backup C:\WINDOWS\system32\AlxRes.dll.bak -> Spyware.Alexa : Cleaned with backup C:\WINDOWS\system32\dwdsregt.exe -> Spyware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\dνdplay.exe -> Adware.PurityScan : Cleaned with backup C:\WINDOWS\system32\legbfk.dll -> Adware.PurityScan : Cleaned with backup C:\WINDOWS\system32\mwinmsap.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\oplfagdo.dll -> Adware.Agent : Cleaned with backup C:\WINDOWS\system32\rldsrego.exe -> Spyware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\satl.exe -> Downloader.IstBar : Cleaned with backup C:\WINDOWS\system32\update.exe -> Spyware.WinFetcher : Cleaned with backup C:\WINDOWS\system32\Uqxt.exe -> Downloader.VB.em : Cleaned with backup C:\WINDOWS\userint32.exe -> Backdoor.Agent.jn : Cleaned with backup C:\WINDOWS\wh.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup ::Report End

#4 lazyvista

Posted 06 February 2006 - 06:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:19:07 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {E9282CC5-E90C-CCF5-28E0-B69EF8310AC7} - C:\WINDOWS\system32\legbfk.dll (file missing)
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [j0] C:\documents and settings\aol user\local settings\temp\j0.exe
O4 - HKLM\..\Run: [eDAhB.exe] c:\windows\system32\eDAhB.exe
O4 - HKLM\..\Run: [bydrpb] c:\windows\system32\skiwti.exe
O4 - HKLM\..\Run: [xxmdhg] c:\windows\system32\sakqpd.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Jumbo Updater] C:\WINDOWS\system32\jumb.exe
O4 - HKLM\..\Run: [hiurewrA] C:\WINDOWS\hiurewrA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ios8RScnX] mp4skrnl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinmsap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hiurewr.exe (file missing)

#5 lazyvista

Posted 06 February 2006 - 06:24 PM

Downloaded/installed/executed ewido anti-malware, posted the log and a new hjt log. Let me know what is next. I'm not surprised at the amount of carp** that was found. Thanks

#6 little eagle

Posted 07 February 2006 - 12:38 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#7 lazyvista

Posted 07 February 2006 - 05:52 PM

VundoFix did not find anything to remove.

Here is an updated hjt log file.

Logfile of HijackThis v1.99.1
Scan saved at 5:49:19 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {981B7867-E9F2-9E02-D65D-B83EC22220C1} - C:\WINDOWS\system32\slwr.dll
O2 - BHO: (no name) - {E9282CC5-E90C-CCF5-28E0-B69EF8310AC7} - C:\WINDOWS\system32\legbfk.dll (file missing)
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [j0] C:\documents and settings\aol user\local settings\temp\j0.exe
O4 - HKLM\..\Run: [eDAhB.exe] c:\windows\system32\eDAhB.exe
O4 - HKLM\..\Run: [bydrpb] c:\windows\system32\skiwti.exe
O4 - HKLM\..\Run: [xxmdhg] c:\windows\system32\sakqpd.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Jumbo Updater] C:\WINDOWS\system32\jumb.exe
O4 - HKLM\..\Run: [hiurewrA] C:\WINDOWS\hiurewrA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ios8RScnX] mp4skrnl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinmsap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hiurewr.exe (file missing)

#8 little eagle

Posted 08 February 2006 - 12:49 AM

Download System Security Suite v1.04 here
Tutorial here.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Reboot in safe mode. Close all Browser and Program Windows.
Have HijackThis fix the following. Do this by checking the box beside each and then clicking on Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {981B7867-E9F2-9E02-D65D-B83EC22220C1} - C:\WINDOWS\system32\slwr.dll
O2 - BHO: (no name) - {E9282CC5-E90C-CCF5-28E0-B69EF8310AC7} - C:\WINDOWS\system32\legbfk.dll (file missing)
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O4 - HKLM\..\Run: [j0] C:\documents and settings\aol user\local settings\temp\j0.exe
O4 - HKLM\..\Run: [eDAhB.exe] c:\windows\system32\eDAhB.exe
O4 - HKLM\..\Run: [bydrpb] c:\windows\system32\skiwti.exe
O4 - HKLM\..\Run: [xxmdhg] c:\windows\system32\sakqpd.exe
O4 - HKLM\..\Run: [Jumbo Updater] C:\WINDOWS\system32\jumb.exe
O4 - HKLM\..\Run: [hiurewrA] C:\WINDOWS\hiurewrA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Ios8RScnX] mp4skrnl.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinmsap.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hiurewr.exe (file missing)


You may need to set your computer to show hidden files. Click here for Instructions.
Then click start>my computer>local disk
(then follow the path) or Using Windows Explorer, locate the following files/folders, and delete them:
Delete the following file(s) listed.

C:\documents and settings\aol user\local settings\temp\j0.exe
c:\windows\system32\eDAhB.exe
c:\windows\system32\skiwti.exe
c:\windows\system32\sakqpd.exe
C:\WINDOWS\system32\jumb.exe
C:\WINDOWS\hiurewrA.exe
C:\WINDOWS\system32\mwinmsap.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\hiurewr.exe

Delete the folder(s) listed
C:\Program Files\SurfSideKick 3
C:\Program Files\WinFixer_2006

If you were unable to find any of the files then please follow these additional instructions:
Run Pocket Killbox, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.

Here are Instructions for deleting multiple files with Pocket Killbox.

Reboot, then run 3S. Under the “Items To Clear” tab, place a checkmark in all of them but user defined folders.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.



Here are the directions for creating a zip file For Windows XP:
Using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
Right click any other files you want to compress and select Copy.
Right click on the compressed folder and select Paste. The copied files will be compressed and pasted in.

Please Zip this file and send it here

j0.exe
eDAhB.exe
skiwti.exe
sakqpd.exe
jumb.exe
hiurewrA.exe
mwinmsap.exe
svcproc.exe
hiurewr.exe

#9 lazyvista

Posted 08 February 2006 - 07:16 PM

I had a few problems getting everything to work. I attached the new HJT log. It is much shorter than before. The machine no longer is producing popups at all. I think it has been several days since we have seen one.

I received no errors when I executed System Security Suite.

I was unable to find any of the files you listed. When I tried to use killbox, it returned this log:

Pocket Killbox version 2.0.0.648
Running on Windows XP as G & G(Administrator)
was started @ Wednesday, February 08, 2006, 6:59 PM
# 1 [Delete on Reboot]
Path = C:\documents and settings\aol user\local settings\temp\j0.exe
# 2 [Delete on Reboot]
Path = c:\windows\system32\eDAhB.exe
# 3 [Delete on Reboot]
Path = c:\windows\system32\skiwti.exe
# 4 [Delete on Reboot]
Path = c:\windows\system32\sakqpd.exe
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\jumb.exe
# 6 [Delete on Reboot]
Path = C:\WINDOWS\hiurewrA.exe
# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\mwinmsap.exe
# 8 [Delete on Reboot]
Path = C:\WINDOWS\svcproc.exe
# 9 [Delete on Reboot]
Path = C:\WINDOWS\hiurewr.exe
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 7:00:49 PM
Killbox Closed(Exit) @ 7:00:52 PM
__________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 7:06:26 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
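
One way to check a follow-up HijackThis log against the fix list from post #8, as an added example that is not part of the original posts: it parses the section-coded entries, reports which fix-list items are still present, and lists entries marked "(file missing)". The log lines are excerpts copied from this thread; the function and variable names are this example's own.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Excerpt of the fix list given in post #8 (lines copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {981B7867-E9F2-9E02-D65D-B83EC22220C1} - C:\WINDOWS\system32\slwr.dll
O4 - HKLM\..\Run: [Jumbo Updater] C:\WINDOWS\system32\jumb.exe
O4 - HKCU\..\Run: [Ios8RScnX] mp4skrnl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hiurewr.exe (file missing)
"""

# Excerpt of the follow-up log from post #9 (header and process list included
# to show that non-entry lines are ignored).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

MISSING = "(file missing)"

# HijackThis entries start with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str      # section code, e.g. "O4"
    text: str      # remainder of the line as written in the log
    missing: bool  # True when the line ends with "(file missing)"


def parse_entries(log: str) -> list[Entry]:
    """Return the section-coded entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            text = match.group(2).strip()
            entries.append(Entry(match.group(1), text, text.endswith(MISSING)))
    return entries


def entry_key(entry: Entry) -> tuple[str, str]:
    """Comparison key: ignores case, spacing and the "(file missing)" suffix,
    so an entry whose file was deleted but whose registry key remains still matches."""
    text = entry.text.removesuffix(MISSING)
    return entry.code, " ".join(text.split()).casefold()


def still_present(fix_list: str, new_log: str) -> list[Entry]:
    """Fix-list entries that the new log still contains."""
    current = {entry_key(e) for e in parse_entries(new_log)}
    return [e for e in parse_entries(fix_list) if entry_key(e) in current]


def orphaned(log: str) -> list[Entry]:
    """Entries whose target file no longer exists (registry leftovers)."""
    return [e for e in parse_entries(log) if e.missing]


if __name__ == "__main__":
    for e in still_present(FIX_LIST, NEW_LOG):
        print("not fixed yet:", e.code, "-", e.text)
    for e in orphaned(NEW_LOG):
        print("orphaned entry:", e.code, "-", e.text)
```
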

#10 little eagle

Posted 09 February 2006 - 12:49 AM

Close all programs, leaving only HijackThis running. Place a check against each of the following, then click on Fix Checked when finished.

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Post back a fresh HijackThis log and we will take another look.


#11 lazyvista

Posted 09 February 2006 - 06:23 PM

I tried several things, and started over a few times when I killed the wrong process in taskmgr.

I can see the process in SERVICES and if I disable it, it will not show up on the list.

Here is the new log. It's still there.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:48 PM, on 2/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

#12 little eagle


Posted 09 February 2006 - 11:04 PM

Make a restore point. Backup your Registry...
Click Start > Run > enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL

Then download RegSeeker http://www.hoverdesk.net/freeware.htm. Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc. (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot when done.

#13 lazyvista


Posted 11 February 2006 - 07:56 PM

Downloaded/installed/executed RegSeeker as requested.

Here is a new hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 7:54:13 PM, on 2/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102734548324
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
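
Added illustration (not part of the thread and not HijackThis's own code): a small parser that compares two of the logs posted above, listing entries that disappeared between scans and entries HijackThis marked `(file missing)`. The function names are made up for this example, and the two logs are trimmed excerpts of the 2/9 and 2/11 posts.

```python
import re

# Trimmed excerpts of the 2/9/2006 and 2/11/2006 logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~2\AQ3HEL~1.EXE /partner AQ3
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Entry lines start with a section code (R0, F2, O4, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries

def orphaned(entries):
    """Entries whose target binary is gone but whose registry data remains."""
    return sorted(e for e in entries if e[1].endswith("(file missing)"))

def diff_logs(before, after):
    """Classify entries as removed, added or kept between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}

if __name__ == "__main__":
    print("orphaned before:", orphaned(parse_entries(LOG_BEFORE)))
    for kind, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for section, detail in items:
            print(f"{kind:8} {section:4} {detail}")
```
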

#14 little eagle


Posted 11 February 2006 - 08:27 PM

Looks clean :thumbup:

Read this

To help keep your PC clean follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

#15 lazyvista


Posted 12 February 2006 - 09:42 AM

Thanks for the help, it is appreciated.
