

Command Service and other nasty stuff


  • This topic is locked
14 replies to this topic

#1 MusikGoddess


Posted 17 May 2006 - 08:42 PM

I accidentally clicked on a link in an instant message window, and the next thing I know I have about 1000 different types of spyware invading my computer. I have used Spybot and adware for a long time, and also have McAfee installed. I downloaded Spy Sweeper, but I don't want to pay the 30 bucks to subscribe unless it's absolutely necessary! Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:37:28 PM, on 5/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\wmiapsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\defender20.exe
C:\WINNT\system32\mptft.exe
C:\WINNT\system32\ssec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\tfthot.exe
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe
C:\WINNT\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123736796343
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: URL - C:\WINNT\system32\s4pule791h.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINNT\wmiapsrv.exe


Thank you so much for whatever help you can give! I'm semi computer illiterate, so please be as detailed as you can in directions.



#2 little eagle


Posted 29 May 2006 - 05:46 AM

Download L2mfix from here or here.
  • Save the file to your desktop and double click l2mfix.exe.
  • Click the Install button to extract the files and follow the prompts.
  • Open the newly added l2mfix folder on your desktop.
  • Double click l2mfix.bat and click Accept after reading the agreement.
  • At the next screen, press any key on your keyboard to continue.
  • Select option #1 for Run Find Log by typing 1 and then pressing enter.
  • This will scan your computer and it may appear nothing is happening.
  • After a minute or two, notepad will open with a log.
  • Copy the contents of that log and paste it into this thread.
  • IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
* Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application." then do one of the following:
  • 1: Click on the l2mfix.bat again and choose option #5 for Fix Autoexec.nt/cmd.exe error.
  • 2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there.
  • Do not run the fix portion without fixing the error first.
  • After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.


#3 MusikGoddess


Posted 06 June 2006 - 09:10 AM

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\l06olaj31do.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3D039CEE-E7EC-C513-1DB4-FECC5E8751B7}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{027B5131-E991-4E34-A312-FE488A498E93}"=""
"{13371A26-94A3-458B-BD9D-F61BD7B16152}"=""
"{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}"=""
"{03951A4A-96E9-408B-AB66-5DCB38C15341}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\InprocServer32]
@="C:\\WINNT\\system32\\pvofmap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\InprocServer32]
@="C:\\WINNT\\system32\\dqnaddr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\InprocServer32]
@="C:\\WINNT\\system32\\mbvbvm50.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
atmtd.dll Wed May 17 2006 8:54:14p A.... 687,592 671.48 K
dqnaddr.dll Tue Jun 6 2006 9:52:06a ..... 235,340 229.82 K
dwound3d.dll Wed May 17 2006 8:50:06p ..S.R 236,328 230.79 K
jt0407~1.dll Wed May 17 2006 9:37:28p ..S.R 236,328 230.79 K
k280lc~1.dll Tue May 16 2006 11:35:50p ..S.R 235,354 229.84 K
l06ola~1.dll Thu May 18 2006 11:21:52a ..S.R 235,340 229.82 K
mbvbvm50.dll Wed May 17 2006 8:23:48p A.... 234,272 228.78 K
p08qla~1.dll Fri May 19 2006 2:49:56p ..S.R 235,340 229.82 K

8 items found: 8 files (5 H/S), 0 directories.
Total of file sizes: 2,335,894 bytes 2.23 M

Locate .tmp files:

C:\WINNT\SYSTEM32\
guard.tmp Tue Jun 6 2006 9:53:06a ..S.R 235,340 229.82 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 235,340 bytes 229.82 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C is JEWELIA_ONE
Volume Serial Number is E402-4844

Directory of C:\WINNT\System32

06/06/2006 09:53a 235,340 guard.tmp
05/19/2006 02:49p 235,340 p08qlal51dq.dll
05/18/2006 11:21a 235,340 l06olaj31do.dll
05/17/2006 09:37p 236,328 jt0407dqe.dll
05/17/2006 08:50p 236,328 dwound3d.dll
05/16/2006 11:35p 235,354 k280lclm1fqa.dll
08/20/2005 03:54p <DIR> dllcache
6 File(s) 1,414,030 bytes
1 Dir(s) 3,942,010,880 bytes free

#4 little eagle


Posted 06 June 2006 - 12:29 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If, after the reboot, the log does not open, double click on it in the l2mfix folder.

#5 MusikGoddess


Posted 06 June 2006 - 04:48 PM

L2mfix 051206
Creating Account.
The command completed successfully.


Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINNT\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (152)
Killing 'winlogon.exe'
winlogon.exe (200)
Killing 'explorer.exe'
C:\WINNT\Explorer.EXE (1124)
Killing 'rundll32.exe'
rundll32.exe "C:\WINNT\system32\guard.tmp",DllGetVersion (1876)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
Deleting: C:\WINNT\system32\dwound3d.dll
Successfully Deleted: C:\WINNT\system32\dwound3d.dll
Deleting: C:\WINNT\system32\irl0l53m1.dll
Successfully Deleted: C:\WINNT\system32\irl0l53m1.dll
Deleting: C:\WINNT\system32\jt0407dqe.dll
Successfully Deleted: C:\WINNT\system32\jt0407dqe.dll
Deleting: C:\WINNT\system32\k280lclm1fqa.dll
Successfully Deleted: C:\WINNT\system32\k280lclm1fqa.dll
Deleting: C:\WINNT\system32\mbvbvm50.dll
Successfully Deleted: C:\WINNT\system32\mbvbvm50.dll
Deleting: C:\WINNT\system32\p08qlal51dq.dll
Successfully Deleted: C:\WINNT\system32\p08qlal51dq.dll
Deleting: C:\WINNT\system32\prrfos.dll
Successfully Deleted: C:\WINNT\system32\prrfos.dll
Deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp

msg11?.dll
0 file(s) copied.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\p08qlal51dq.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINNT\system32\dwound3d.dll
C:\WINNT\system32\irl0l53m1.dll
C:\WINNT\system32\jt0407dqe.dll
C:\WINNT\system32\k280lclm1fqa.dll
C:\WINNT\system32\mbvbvm50.dll
C:\WINNT\system32\p08qlal51dq.dll
C:\WINNT\system32\prrfos.dll
C:\WINNT\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}\InprocServer32]
@="C:\\WINNT\\system32\\pvofmap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}\InprocServer32]
@="C:\\WINNT\\system32\\prrfos.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}\InprocServer32]
@="C:\\WINNT\\system32\\mbvbvm50.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{027B5131-E991-4E34-A312-FE488A498E93}"=-
"{13371A26-94A3-458B-BD9D-F61BD7B16152}"=-
"{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}"=-
"{03951A4A-96E9-408B-AB66-5DCB38C15341}"=-
[-HKEY_CLASSES_ROOT\CLSID\{027B5131-E991-4E34-A312-FE488A498E93}]
[-HKEY_CLASSES_ROOT\CLSID\{13371A26-94A3-458B-BD9D-F61BD7B16152}]
[-HKEY_CLASSES_ROOT\CLSID\{04C9ADA4-8B8C-40FF-A58D-EF130B0557E1}]
[-HKEY_CLASSES_ROOT\CLSID\{03951A4A-96E9-408B-AB66-5DCB38C15341}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/dwound3d.dll (152 bytes security) (deflated 5%)
adding: dlls/guard.tmp (152 bytes security) (deflated 5%)
adding: dlls/irl0l53m1.dll (152 bytes security) (deflated 5%)
adding: dlls/jt0407dqe.dll (152 bytes security) (deflated 5%)
adding: dlls/k280lclm1fqa.dll (152 bytes security) (deflated 5%)
adding: dlls/mbvbvm50.dll (152 bytes security) (deflated 4%)
adding: dlls/p08qlal51dq.dll (152 bytes security) (deflated 5%)
adding: dlls/prrfos.dll (152 bytes security) (deflated 5%)
adding: backregs/027B5131-E991-4E34-A312-FE488A498E93.reg (164 bytes security) (deflated 69%)
adding: backregs/03951A4A-96E9-408B-AB66-5DCB38C15341.reg (164 bytes security) (deflated 69%)
adding: backregs/04C9ADA4-8B8C-40FF-A58D-EF130B0557E1.reg (164 bytes security) (deflated 70%)
adding: backregs/13371A26-94A3-458B-BD9D-F61BD7B16152.reg (164 bytes security) (deflated 70%)
adding: backregs/notibac.reg (152 bytes security) (deflated 86%)
adding: backregs/shell.reg (152 bytes security) (deflated 75%)







Logfile of HijackThis v1.99.1
Scan saved at 5:44:18 PM, on 6/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\wmiapsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\mptft.exe
C:\WINNT\system32\ssec.exe
C:\WINNT\system32\tfthot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123736796343
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: App Management - C:\WINNT\system32\p08qlal51dq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINNT\wmiapsrv.exe

#6 little eagle

Posted 06 June 2006 - 06:53 PM

Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here, with a new hijackthis log.

#7 MusikGoddess

Posted 06 June 2006 - 09:51 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:47:27 PM, 6/6/2006
+ Report-Checksum: 768BED6C

+ Scan result:

[1036] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1116] C:\WINNT\wmiapsrv.exe -> Backdoor.SdBot.aad : Cleaned with backup
[1212] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1244] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1264] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1252] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1288] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1336] C:\WINNT\system32\mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup
[1216] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[860] C:\WINNT\system32\tfthot.exe -> Hijacker.StartPage.ajj : Cleaned with backup
[776] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1732] C:\WINNT\SnVsaWEgQSBTdG9sbA\asappsrv.dll -> Adware.CommAd : Error during cleaning
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\bootloadm.scr -> Downloader.Adload.bo : Cleaned with backup
C:\bootloadr.scr -> Downloader.Adload.bo : Cleaned with backup
C:\bootloadt.scr -> Downloader.Adload.bo : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\z7w1yes8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\012F4H67\bootload[1].scr -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0P2FST6J\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0P2FST6J\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0P2FST6J\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KXYZCP2F\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KXYZCP2F\mptft[1].cab/mptft.exe -> Hijacker.StartPage.ajj : Error during cleaning
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KXYZCP2F\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\STUV8XAN\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
:mozilla.21:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Julia A Stoll\Application Data\Mozilla\Firefox\Profiles\12skgx0m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Cookies\julia a stoll@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/dwound3d.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/irl0l53m1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/jt0407dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/k280lclm1fqa.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/mbvbvm50.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/p08qlal51dq.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\backup.zip/dlls/prrfos.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\dwound3d.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\irl0l53m1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\jt0407dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\k280lclm1fqa.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\mbvbvm50.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\p08qlal51dq.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Desktop\l2mfix\dlls\prrfos.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Local Settings\Temp\NNCLXA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Julia A Stoll\Local Settings\Temporary Internet Files\Content.IE5\CZEZMLYP\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup
C:\drsmartload45a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\keyboard20.exe -> Downloader.VB.ada : Cleaned with backup
C:\keyboard20.exe_tobedeleted -> Downloader.VB.ada : Cleaned with backup
C:\loadbdll.pif -> Downloader.Adload.bo : Cleaned with backup
C:\newname20.exe -> Downloader.VB.adb : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfd\qzrfc.dll -> Adware.TargetServer : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfl.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfm.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\windows\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\windows\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\windows\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\SnVsaWEgQSBTdG9sbA\__delete_on_reboot__asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINNT\SnVsaWEgQSBTdG9sbA\__delete_on_reboot__command.exe -> Adware.CommAd : Cleaned with backup
C:\WINNT\system32\mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup
C:\WINNT\system32\ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINNT\system32\tfthot.exe -> Hijacker.StartPage.ajj : Cleaned with backup
C:\WINNT\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINNT\system32tfthot.exe -> Hijacker.StartPage.ajj : Cleaned with backup
C:\WINNT\Temp\A2F8C.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup
C:\WINNT\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup
C:\WINNT\Temp\i8F.tmp -> Adware.SurfSide : Cleaned with backup
C:\WINNT\Temp\u7.tmp -> Adware.Surfside : Cleaned with backup
C:\WINNT\wmiapsrv.exe -> Backdoor.SdBot.aad : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 10:48:11 PM, on 6/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123736796343
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: App Management - C:\WINNT\system32\p08qlal51dq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINNT\wmiapsrv.exe (file missing)

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 07 June 2006 - 01:07 AM

Check add and remove programs and remove SurfSideKick 3.

Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe (file missing)

Reboot in safe mode, instructions here.
Some of these files may have hidden attributes.
Click Here Should you need instructions for Showing hidden files and folders in Windows.
Once in safe mode, Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file right click then select delete.

Delete the following folder(s) listed in bold.
C:\Program Files\SurfSideKick 3
C:\WINNT\SnVsaWEgQSBTdG9sbA

#9 MusikGoddess


Posted 07 June 2006 - 06:51 AM

I deleted the C:\WINNT\SnVsaWEgQSBTdG9sbA file, but did not find surf side kick in my add/remove programs or in my C:/Programs file. I did a search for it and found a surfsidekick3 zip file stored in spybot's quarantine memory, so I deleted that. Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:45:07 AM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123736796343
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: App Management - C:\WINNT\system32\p08qlal51dq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) - Unknown owner - C:\WINNT\wmiapsrv.exe (file missing)

#10 little eagle


Posted 07 June 2006 - 07:49 AM

Close all programs leaving only HijackThis running. Place a check against each of the following,
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=

Click on Fix Checked when finished and exit HijackThis.

Make a restore point.

Then backup your Registry.
click start > run > enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL

Then download RegSeeker http://www.hoverdesk.net/freeware.htm.
Extract it to its own folder, open and double click RegSeeker.exe to start the program.
Maximize the window and click clean registry. Check all sections and click OK.
When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again.
Then right click within the search results and select delete.
Run it again and again, deleting everything it finds until it finds nothing.
Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything).
In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back.
A reboot may be required for the effects to be seen. Reboot When done.

#11 MusikGoddess


Posted 07 June 2006 - 11:10 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:06:57 PM, on 6/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123736796343
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: App Management - C:\WINNT\
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#12 little eagle


Posted 07 June 2006 - 05:37 PM

Looks clean, also looks like you need to update Java.
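The before/after comparison of HijackThis logs that this thread walks through can be scripted; the sketch below is an added example, not part of any post here and not HijackThis's own code. It flags orphaned and unknown-owner entries, then reports which flagged entries are gone and which left a residual entry behind. The `username-b64-dir` check rests on an observation from the thread's own logs (the folder name `SnVsaWEgQSBTdG9sbA` is the unpadded base64 of the profile name in the log paths); the function names and the trimmed sample logs are assumptions made for the example.

```python
import base64
import binascii
import re

# Constructed samples: a few entries copied from the 6/6 and 6/7 logs in this thread.
LOG_BEFORE = r"""
Running processes:
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: App Management - C:\WINNT\system32\p08qlal51dq.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SnVsaWEgQSBTdG9sbA\command.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
LOG_AFTER = r"""
Running processes:
C:\Documents and Settings\Julia A Stoll\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: App Management - C:\WINNT\
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, body) for every 'R0 - ...' / 'O23 - ...' style line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def profile_names(log_text):
    """User profile names that appear in any path in the log."""
    return set(re.findall(r"\\Documents and Settings\\([^\\]+)\\", log_text))


def decode_b64_component(component):
    """Decode a path component as unpadded base64; None unless printable ASCII."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{8,}", component):
        return None
    padded = component + "=" * (-len(component) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None


def flags_for(body, users):
    flags = []
    if "(file missing)" in body or "(no file)" in body:
        flags.append("orphaned")            # entry points at a file that is gone
    if "Unknown owner" in body:
        flags.append("unknown-owner")       # service binary has no company name
    for component in re.split(r"[\\/]", body):
        if decode_b64_component(component) in users:
            flags.append("username-b64-dir")  # folder name encodes the profile name
            break
    return flags


def triage(log_text):
    """Entries worth a second look, as (code, body, flags)."""
    users = profile_names(log_text)
    flagged = []
    for code, body in parse_entries(log_text):
        flags = flags_for(body, users)
        if flags:
            flagged.append((code, body, flags))
    return flagged


def label(body):
    """Entry text without its trailing ' - <path or status>' field."""
    return body.rsplit(" - ", 1)[0]


def compare(before, after):
    """Sort each flagged 'before' entry into unchanged / residual / removed."""
    after_entries = parse_entries(after)
    exact = set(after_entries)
    labels = {(code, label(body)) for code, body in after_entries}
    result = {"unchanged": [], "residual": [], "removed": []}
    for code, body, _flags in triage(before):
        if (code, body) in exact:
            result["unchanged"].append((code, body))
        elif (code, label(body)) in labels:
            result["residual"].append((code, body))  # same entry, different target
        else:
            result["removed"].append((code, body))
    return result


if __name__ == "__main__":
    for code, body, flags in triage(LOG_BEFORE):
        print(code, flags, body)
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(status, [code for code, _ in items])
```

On the sample, the `App Management` Winlogon Notify entry lands in `residual`: the later log still lists it, now with a bare `C:\WINNT\` path.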

#13 MusikGoddess


Posted 07 June 2006 - 09:30 PM

Things appear to be running normally, but when I run Spybot S+D I get two entries "command service" and "network monitor" that can't be fixed because "the associated files are still in use (in memory)." What do you think?

#14 little eagle


Posted 08 June 2006 - 04:41 AM

What version of spybot are you using?
Also may read this. http://forums.spybot...hread.php?t=774

#15 little eagle


Posted 20 June 2006 - 06:37 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
