Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Angels HighJack Log


  • Please log in to reply
7 replies to this topic

#1 AngelV

AngelV

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 17 June 2006 - 07:36 PM

Logfile of HijackThis v1.97.7
Scan saved at 8:33:35 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\pop06ap2.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\sys012165351751.exe
C:\WINDOWS\CCZoop05.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Common Files\simtest\sysstall.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anne Rehagen\Local Settings\Temporary Internet Files\Content.IE5\7M8JS73Y\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5401
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08C99575-D407-453D-AEF9-B496DB385694} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {17A8B53B-CB55-408D-84BB-3A209FCD5CB3} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {27D85468-7E94-40A0-A9BD-7870B8CEDB87} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {34F82D09-3A9C-4755-B09C-C17AD819AFA0} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {37C8CA82-26B6-4F6E-95E2-C46129D8A303} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsh2B.dll
O2 - BHO: (no name) - {58CC0553-A3E8-4448-8EE6-DDA76F40844F} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66145AD1-73ED-45B3-9F8C-88AD71838A2B} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmqnsi.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {836B0093-0226-4697-8864-5F994340FC99} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {8A4D4482-7592-42A0-8C9F-D9D8048C6CDA} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {8B02DF8D-4793-4370-9A6D-DB5946BE3F14} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {91E77D18-37FB-4626-A04A-57ECC68F6866} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: (no name) - {97F819E2-32CE-4F91-B2E5-493AB5366F19} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9A1EDAA3-2548-42F8-9A21-EF947624AA0B} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9DCBF0BB-B702-4E2A-87D1-741763B5976F} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9F6F349E-805C-487C-92CE-45EDFF4E943C} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {A81D5966-4FEE-4C28-8C28-FAC07775BAB8} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B718F062-9F41-4848-9D34-AB8F0020CB39} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {BB92996E-D58C-4402-A80F-360F6F8C032E} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {C07F94F4-6C67-4519-B0EE-46EE2494A8F2} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {CCA3203C-2AEC-444C-ACCA-D60DA258B0C7} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {CFFBD928-513A-4BEA-A682-A8469B6308EB} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SprintDSLSetup] D:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [sys012165351751] C:\WINDOWS\sys012165351751.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: BVI DUBB Web Accelerator.lnk = C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/227
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Unknown file in Winsock LSP: c:\progra~1\bvidub~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\bvidub~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\bvidub~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\bvidub~1\sliplsp.dll
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149910108442
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab

    Advertisements

Register to Remove


#2 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 07:19 AM

Welcome to the forum :wavey:

Please download the latest version of HijackThis!

Links to Hijack This! v 1.99.1:

Hijack This! (© Merijn) at tools.radiosplace.com

Hijack This! (© Merijn) at spywarewarrior.com

Next, go to:

Start --> Control Panel --> Add/Remove Programs

Remove anything in there that has webHancer in it, then reboot.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only

Don't run it yet.

Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido.
  • Boot in "safe" mode
  • Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button. Close the program.
  • Run Ewido. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Boot in normal mode.

Please post the results from Ewido and a new HijackThis! log, into this thread.
:)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 AngelV

AngelV

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 18 June 2006 - 08:24 AM

Micah, I have done what you have asked. I will post the Hijack Log, but the ewido log has personal info in it. Can I send it to you via email (would rather not have that info in a forum)? Thanks!

Hijack log for today:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:46 AM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLServiceHost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5401
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0BDFDB67-01D0-478A-887C-0F07121BAA89} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {17A8B53B-CB55-408D-84BB-3A209FCD5CB3} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {27D85468-7E94-40A0-A9BD-7870B8CEDB87} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {34F82D09-3A9C-4755-B09C-C17AD819AFA0} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {37C8CA82-26B6-4F6E-95E2-C46129D8A303} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {58CC0553-A3E8-4448-8EE6-DDA76F40844F} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmbyli.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8A4D4482-7592-42A0-8C9F-D9D8048C6CDA} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {8B02DF8D-4793-4370-9A6D-DB5946BE3F14} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {91E77D18-37FB-4626-A04A-57ECC68F6866} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: (no name) - {97F819E2-32CE-4F91-B2E5-493AB5366F19} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9A1EDAA3-2548-42F8-9A21-EF947624AA0B} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9DCBF0BB-B702-4E2A-87D1-741763B5976F} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {9F6F349E-805C-487C-92CE-45EDFF4E943C} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {A81D5966-4FEE-4C28-8C28-FAC07775BAB8} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BB92996E-D58C-4402-A80F-360F6F8C032E} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {BC363F01-4F6E-46B0-A2DE-F667C3BDB8B3} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {C07F94F4-6C67-4519-B0EE-46EE2494A8F2} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {CCA3203C-2AEC-444C-ACCA-D60DA258B0C7} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: (no name) - {CFFBD928-513A-4BEA-A682-A8469B6308EB} - C:\Program Files\Common Files\mexoj.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll (file missing)
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SprintDSLSetup] D:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - Global Startup: BVI DUBB Web Accelerator.lnk = C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/227
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149910108442
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

#4 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 09:23 AM

I understand and agree with your needs to remain "private" and "anonymous" while online.

Any info you see in the Ewido log you consider "personal" (such as names, etc.), you could just replace it with question marks ("???"), then post it.

Would that be acceptable to you?

You could use Notepad, and use the "Find and replace" function in it for mass substitutions.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a systen scan only".
Then "check" the box to the left of these item(s):

O2 - BHO: (no name) - {0BDFDB67-01D0-478A-887C-0F07121BAA89} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {17A8B53B-CB55-408D-84BB-3A209FCD5CB3} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {27D85468-7E94-40A0-A9BD-7870B8CEDB87} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {34F82D09-3A9C-4755-B09C-C17AD819AFA0} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {37C8CA82-26B6-4F6E-95E2-C46129D8A303} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {58CC0553-A3E8-4448-8EE6-DDA76F40844F} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmbyli.dll (file missing)

O2 - BHO: (no name) - {8A4D4482-7592-42A0-8C9F-D9D8048C6CDA} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {8B02DF8D-4793-4370-9A6D-DB5946BE3F14} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {91E77D18-37FB-4626-A04A-57ECC68F6866} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {97F819E2-32CE-4F91-B2E5-493AB5366F19} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {9A1EDAA3-2548-42F8-9A21-EF947624AA0B} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {9DCBF0BB-B702-4E2A-87D1-741763B5976F} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {9F6F349E-805C-487C-92CE-45EDFF4E943C} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {A81D5966-4FEE-4C28-8C28-FAC07775BAB8} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {BB92996E-D58C-4402-A80F-360F6F8C032E} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {BC363F01-4F6E-46B0-A2DE-F667C3BDB8B3} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {C07F94F4-6C67-4519-B0EE-46EE2494A8F2} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {CCA3203C-2AEC-444C-ACCA-D60DA258B0C7} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: (no name) - {CFFBD928-513A-4BEA-A682-A8469B6308EB} - C:\Program Files\Common Files\mexoj.dll

O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll (file missing)

O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O15 - Trusted Zone: *.elitemediagroup.net

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

Then click "Fix checked" and close Hijack This!.

Reboot in "safe" mode.

Delete all of the following noted (in red) file(s)/FOLDER(s) you can find:

c:\windows\system32\irssyncd.exe <--- file

c:\windows\system32\vsl07.exe <--- file

c:\windows\system32\wallp2.exe <--- file

Some malware files may be "hidden".
Be sure to show hidden files when looking for these file(s) and/or folder(s).

Reboot in normal mode and "copy/paste" a new HijackThis! log file into this thread. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#5 AngelV

AngelV

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 18 June 2006 - 11:58 AM

Ok...here we go! I have done the things below (from what I can tell no probs, but I'm no expert) :) Here is my hijack log and my ewido log

Logfile of HijackThis v1.99.1
Scan saved at 12:14:56 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1134106080\ee\AOLServiceHost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
C:\WINDOWS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5401
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134106080\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SprintDSLSetup] D:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BVI DUBB Web Accelerator.lnk = C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe/227
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149910108442
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe


ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:07:46 AM, 6/18/2006
+ Report-Checksum: 69A5EF65

+ Scan result:

HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Cleaned with backup
[484] C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\???\Application Data\VCOM\Fix-It\Quarantine\optimize.exe.QUAR00 -> Downloader.Dyfuca.ey : Cleaned with backup
C:\Documents and Settings\???\Application Data\VCOM\Fix-It\Quarantine\svchostsys.exe.QUAR00 -> Downloader.Small : Cleaned with backup
C:\Documents and Settings\???\Application Data\VCOM\Fix-It\Quarantine\svchostupdate.exe.QUAR00 -> Downloader.Small : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@creative.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@media.top-banners[2].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ehg-411web.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@try.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\???\Cookies\???@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@ehg-vonage.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\???n\Cookies\???n@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Program Files\Common Files\mexoj.dll -> Downloader.Small.ctp : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whSurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\CCZoop05.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\mirar.exe -> Adware.NetNucleus : Cleaned with backup
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup
C:\WINDOWS\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\sys012165351751.exe -> Backdoor.Small : Cleaned with backup
C:\WINDOWS\system32\adrotate.dll -> Adware.Trafgen : Cleaned with backup
C:\WINDOWS\system32\cloudsim.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\irsmbyli.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\irsmeduh.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\irsmuivo.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\nse2F.dll -> Adware.Ezula : Cleaned with backup
C:\WINDOWS\system32\nsn38.dll -> Adware.Ezula : Cleaned with backup
C:\WINDOWS\system32\nsp54.dll -> Adware.Ezula : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\thiselt.exe -> Trojan.Popuper : Cleaned with backup
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\up9.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup


::Report End

#6 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 08:02 PM

Fix these items with HijackThis!, then reboot:

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab

O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...bs/joysaver.cab

The only "unknown" I can find in the log is this:

O4 - Global Startup: BVI DUBB Web Accelerator.lnk = C:\Program Files\BVI DUBB Web Accelerator\bvidubb.exe

It looks innocent enough. Do you know/trust that application?
:unsure:

Thnx for the Ewido log.

I needed to check it to see if Ewido had problems removing anything. But it appears that it was up to the task of removing all it found.

How are things running for you now?
:unsure:

Post Infection Items To Ponder
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#7 AngelV

AngelV

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 18 June 2006 - 08:47 PM

Excellent! Micah, you are AWESOME!! I appreciate everything that you did! Thank you sooo much! :thumbup:

#8 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 18 June 2006 - 08:55 PM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link

(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users