MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: surfsidekick  (Read 22536 times)
tomgig007
« on: March 21, 2006, 03:22:52 AM »

I'm struggling with this surfsidekick.  Man, pop-ups galore.  Any help would be greatly appreciated.  Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:13:59 PM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

« Last Edit: April 27, 2006, 02:25:18 PM by Admin »

 
Pancake
« Reply #1 on: March 22, 2006, 01:12:46 AM »

Hi tomgig007

We will need the full HJT log to help....

In the meantime, download the trial version of Ewido Security Suite.

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido Security Suite (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update ewido to the latest definition files.

On the left-hand side of the main screen, click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido: http://www.ewido.net/en/download/updates/. Do not run a scan yet.

When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts).

Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files; click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite. Please post its log here.
tomgig007
« Reply #2 on: March 22, 2006, 05:39:19 PM »

Pancake, thanks for the assistance.  I'm having some difficulty posting the log - it's telling me that the message exceeds the maximum allowed length.  Any suggestions?

 
tomgig007
« Reply #3 on: March 22, 2006, 05:47:54 PM »

ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         12:16:06 PM, 3/22/2006
 + Report-Checksum:      6A708EE6


 
tomgig007
« Reply #4 on: March 22, 2006, 05:49:50 PM »

2nd half of Ewido scan report.....

   C:\WINDOWS\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\exdl1.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\exdl2.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\exul1.exe -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
   C:\WINDOWS\system32\Fpjyvw.exe -> Adware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\Ilfrkm.exe -> Adware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\msbe.dll -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\netlay.exe -> Logger.VB.eh : Cleaned with backup
   C:\WINDOWS\system32\nvms.dll -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\Opkqhv.exe -> Adware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup
   C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
   C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup
   C:\WINDOWS\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
   C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup
   C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
   C:\WINDOWS\system32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
   C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup
   C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup
   C:\WINDOWS\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup
   C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\VG9t\asappsrv.dll -> Adware.CommAd : Cleaned with backup
   C:\WINDOWS\VG9t\command.exe -> Adware.CommAd : Cleaned with backup
   C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup
   C:\WINDOWS\webnexus.exe -> Downloader.Qoologic.at : Cleaned with backup
   C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
   C:\WINDOWS\win3208194-1199006.exe -> Downloader.VB.tw : Cleaned with backup
   C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

 
tomgig007
« Reply #5 on: March 22, 2006, 05:53:42 PM »

....and the HJT log.  Not sure if you need it, but figured it was best to include it.
thanks again

Logfile of HijackThis v1.99.1
Scan saved at 12:52:04 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ofxcdkqA.exe
C:\WINDOWS\errorhandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\mousepad4.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys0399006194-11.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\nwintrag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Tom\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{F602AE95-95E8-4D7E-E343-B02EAA127950} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=userinit.exe,ajlpdrd.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tkpzae.exe
O4 - HKLM\..\Run: [SpyElim] powerdll.exe
O4 - HKLM\..\Run: [WhatsNewBot] corrida.exe
O4 - HKLM\..\Run: [dmgqd.exe] C:\WINDOWS\system32\dmgqd.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [ofxcdkqA] C:\WINDOWS\ofxcdkqA.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys0399006194-11] C:\WINDOWS\sys0399006194-11.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{89-9E-E0-0E-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwintrag.exe CORN001
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [Testimonials] barint.exe
O4 - HKCU\..\Run: [WTFCTF] AppMasterCenter.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [lfwemu] C:\WINDOWS\system32\lfwemu.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwintrag.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - http://jpedownload.joltid.com/wi/p2p.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0E05D8-618D-455D-886F-A90257A14D60}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{A809442B-A4C5-4B74-A34E-1376063FD8F0}: NameServer = 85.255.114.44,85.255.112.95
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\g0jo0a13ed.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9t\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ofxcdkq.exe

 
Pancake
Global Moderator
« Reply #6 on: March 23, 2006, 12:29:59 AM »

Hi. You have one heck of a mess here and it will take a few hits at it to get it clean.

It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order they are listed.
-------------------------------------------------------------

Before we start working with your log, you are running Hijack This from a temporary location. If we leave it where it is, backups will not be saved, so let's move the file to its own folder in C:\Program Files.

To do this, go here and download Move_HijackThis.vbs to your Desktop.


Doubleclick on Move_hijackthis.vbs to run it. If you get a warning about a malicious script, please ignore that and allow this to run.

When the script has finished running, it will start Hijackthis from its new location in C:\Program Files\Hijackthis\hijackthis.exe. To run Hijack This next time, please go to C:\Program Files or use the Run box.

-----------------------------------------------------------

Download any of the required programs before attempting to start any of the fixes.

-------------------------------------------------------------
SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
 ------------------------------------------------------------------

 

You will need to remove NEW.NET. This is best done via Add/Remove. In some cases removing it can cause problems connecting to the net, so download WinsockFix now and keep it handy.

If there is no entry, download and run the New.net uninstaller from here http://www.newdotnet.com/removal.html. Reboot afterwards.


Download WinsockFix and unzip it.  Then double-click on it to run it should you have problems.

----------------------------------------------------------------

Please download FixWareout

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:




R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{F602AE95-95E8-4D7E-E343-B02EAA127950} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=userinit.exe,ajlpdrd.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tkpzae.exe
O4 - HKLM\..\Run: [SpyElim] powerdll.exe
O4 - HKLM\..\Run: [WhatsNewBot] corrida.exe
O4 - HKLM\..\Run: [dmgqd.exe] C:\WINDOWS\system32\dmgqd.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [ofxcdkqA] C:\WINDOWS\ofxcdkqA.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad4.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys0399006194-11] C:\WINDOWS\sys0399006194-11.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{89-9E-E0-0E-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwintrag.exe CORN001
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [Neca] C:\Documents and Settings\Tom\Application Data\edho.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [Testimonials] barint.exe
O4 - HKCU\..\Run: [WTFCTF] AppMasterCenter.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [lfwemu] C:\WINDOWS\system32\lfwemu.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwintrag.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0E05D8-618D-455D-886F-A90257A14D60}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{A809442B-A4C5-4B74-A34E-1376063FD8F0}: NameServer = 85.255.114.44,85.255.112.95
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\g0jo0a13ed.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ofxcdkq.exe


------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.

Folders that have been highlighted RED will need to be uninstalled.


Open Windows Explorer and delete the following highlighted file/s
Also delete the following red folder/s

C:\WINDOWS\ofxcdkq.exe
C:\WINDOWS\ofxcdkqA.exe
C:\WINDOWS\system32\lfwemu.exe
C:\WINDOWS\system32\nwintrag.exe
C:\WINDOWS\system32\idemlog.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\sys0399006194-11.exe
c:\windows\system32\dwdsregt.exe
c:\windows\mousepad4.exe
C:\WINDOWS\errorhandler.exe
C:\windows\newname4.exe
C:\windows\keyboard4.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\loadadv64
C:\WINDOWS\system32\dmgqd.exe
C:\WINDOWS\system32\Tkpzae.exe
C:\WINDOWS\system32\poemr.exe
C:\WINDOWS\system32\w9seq.dll


C:\Program Files\Network Monitor
C:\Program Files\SurfSideKick 3
C:\Program Files\Common Files\VCClient
C:\Program Files\EQAdvice
C:\Program Files\webHancer
C:\Program Files\Internet Optimizer
C:\PROGRAM FILES\NEWDOTNET
C:\Program Files\NaviSearch
C:\Program Files\BullsEye Network
C:\Program Files\Toolbar888

 -------------------------------------------------------------------




Should you have problems connecting to the internet after the fix, follow these instructions.

Please go to Start -> Control Panel -> Network Connections. Rightclick on your default connection (usually Local Area Connection or Dial-up Connection if you are using Dial-up) and leftclick on Properties. Doubleclick on the Internet Protocol (TCP/IP) item and select the button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.



When finished please post a new log......
« Last Edit: March 23, 2006, 12:46:09 AM by Pancake »

An Australian Member of

EDDY
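
A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of any forum post: it parses the section-coded lines and flags four of the entry types that appear in the fix list above (F2 logon values, O17 NameServer settings, registrations whose file is missing, and "Unknown owner" services). The sample lines are copied from the thread's log; the function names and the assumption that Windows is installed in C:\WINDOWS (as in that log) belong to this example.

```python
import ipaddress
import re

# Section-coded HijackThis lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Expected logon values (assumption: Windows directory is C:\WINDOWS).
F2_EXPECTED = {
    "shell": re.compile(r"^(?:[a-z]:\\windows\\)?explorer\.exe$"),
    "userinit": re.compile(r"^(?:[a-z]:\\windows\\system32\\)?userinit\.exe$"),
}

# Sample input: lines copied from the log in this thread, trimmed to a few entries.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NavNT\rtvscan.exe

R3 - URLSearchHook: (no name) - _{F602AE95-95E8-4D7E-E343-B02EAA127950} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0E05D8-618D-455D-886F-A90257A14D60}: NameServer = 85.255.114.44,85.255.112.95
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ofxcdkq.exe
"""


def parse_entries(log_text):
    """Return (code, body) pairs; the header and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def f2_extras(body):
    """Programs in a Shell/UserInit value other than the expected one."""
    match = re.match(r"REG:system\.ini: (\w+)=(.*)$", body)
    if not match or match.group(1).lower() not in F2_EXPECTED:
        return []
    expected = F2_EXPECTED[match.group(1).lower()]
    parts = [p.strip() for p in match.group(2).split(",") if p.strip()]
    return [p for p in parts if not expected.match(p.lower())]


def o17_nameservers(body):
    """IP addresses listed in an O17 NameServer value."""
    match = re.search(r"NameServer = (.+)$", body)
    if not match:
        return []
    servers = []
    for token in re.split(r"[,\s]+", match.group(1).strip()):
        try:
            servers.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # not an address; ignore rather than guess
    return servers


def triage(log_text):
    """Return (code, reason, detail) tuples for entries that deserve a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            for extra in f2_extras(body):
                findings.append((code, "extra program in logon Shell/UserInit value", extra))
        elif code == "O17":
            servers = o17_nameservers(body)
            if servers:
                findings.append((code, "statically configured DNS servers", ",".join(servers)))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service owner could not be determined",
                             body.rsplit(" - ", 1)[-1]))
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "registration points at a file that is not on disk", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}: {detail}")
```

A flag here means "review", not "remove": the Ati HotKey Poller service is reported as "Unknown owner" in the thread's log but is not in the fix list above.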
tomgig007
« Reply #7 on: March 23, 2006, 02:56:54 AM »

I haven't even gotten started yet, and I've already run into a problem.  When I run Move Hijack This I get - Hijack.exe not found.  Can I just physically move it into program files myself, or will that not have the desired effect?

 
Pancake
Global Moderator
« Reply #8 on: March 23, 2006, 03:13:42 AM »

Yes, you can move it ..... but maybe best if you get a new one....

Download HijackThis. It will create a directory folder for you in C:\Program Files.

An Australian Member of

EDDY
tomgig007
« Reply #9 on: March 23, 2006, 05:51:05 PM »

Pancake,

I've completed the steps that you laid out yesterday.  It didn't go exactly as described, but I worked my way through.  I'm not sure that FixWareout did anything.  It never stepped through any additional prompts when I ran it, and it didn't ask to reboot.  It gave me this report:

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
  33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
.....
please post this at the forum

I went ahead and restarted manually and proceeded on to Hijack This.  I checked and fixed per your instructions, there were 3 that were not there.

I found and deleted most of the windows files that you had indicated, there were a few missing.

I've still got some stuff going on, but hopefully I've made some progress.  Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:03 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ms0606194-11990.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tom\Application Data\F?nts\??anregw.exe
C:\PROGRA~1\WNSXS~1\tracert.exe
C:\WINDOWS\VG9t\command.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms0606194-11990] C:\WINDOWS\ms0606194-11990.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Wbswq] C:\Documents and Settings\Tom\Application Data\F?nts\??anregw.exe
O4 - HKCU\..\Run: [Neca] "C:\PROGRA~1\WNSXS~1\tracert.exe" -vt yazr
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - http://jpedownload.joltid.com/wi/p2p.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\g8220ifoe82c0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9t\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Pancake
« Reply #10 on: March 24, 2006, 12:34:15 AM »

Hi. Things are looking OK. Not far to go now. You should by now see some improvement in your computer.

It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order they are listed.

-------------------------------------------------------------



Download any of the required programs before attempting to start any of the fixes.

  ------------------------------------------------------------------

Go here  http://www.purityscan.com/uninstall.html  and run the Purity Scan uninstaller and reboot afterwards.


----------------------------------------------------------------

Please download Look2Me-Destroyer.exe to your desktop and close all windows before continuing.

Double-click Look2Me-Destroyer.exe to run it and put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK. When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK.

When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown.

Restart your computer and please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

--------------------------------------------------------------

Go to Start > Run and type

cmd

and OK. Type the below commands and hit "Enter" after each line

sc stop cmdService
sc delete cmdService


Type Exit to close.

------------------------------------------------------------------------


Files highlighted in BLACK  will need to be removed from your hard drive.


-----------------------------------------------------------------------

Please start by going into SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
 ------------------------------------------------------------------



Go into HijackThis->Config->Misc. Tools->Open process manager. Select each of the following exe files and click End Process for each one if it is listed.

poemr.exe
ajlpdrd.exe
ms0606194-11990.exe


------------------------------------------------------------------   
               
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press  and Close HJT.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O4 - HKLM\..\Run: [ms0606194-11990] C:\WINDOWS\ms0606194-11990.exe
O4 - HKCU\..\Run: [Wbswq] C:\Documents and Settings\Tom\Application Data\F?nts\??anregw.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\g8220ifoe82c0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9t\command.exe

------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted  file/s

 C:\WINDOWS\system32\poemr.exe
C:\WINDOWS\system32\ajlpdrd.exe
C:\WINDOWS\ms0606194-11990.exe
C:\WINDOWS\system32\dmonwv.dll

 -------------------------------------------------------------------



When finished please  post a new log......
« Last Edit: March 24, 2006, 12:37:06 AM by Pancake »

An Australian Member of

EDDY
tomgig007
« Reply #11 on: March 24, 2006, 01:07:24 AM »

Yes, it's much better already.  I'm halfway through.  Here is the Look2Me.txt and a new HJT log:

Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/23/2006 7:52:15 PM

Infected! C:\WINDOWS\system32\jtj4071qe.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174475.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174479.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0175481.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175511.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175515.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175527.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175531.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175546.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175550.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176550.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176557.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176561.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176568.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176572.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0177571.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178571.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178581.dll
Infected! C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178585.dll
Infected! C:\WINDOWS\system32\csbjmon.dll
Infected! C:\WINDOWS\system32\hrno0553e.dll
Infected! C:\WINDOWS\system32\j0p00a7med.dll
Infected! C:\WINDOWS\system32\jtj4071qe.dll
Infected! C:\WINDOWS\system32\jtpq0775e.dll
Infected! C:\WINDOWS\system32\lvnq0955e.dll
Infected! C:\WINDOWS\system32\q2860clsefq60.dll
Infected! C:\WINDOWS\system32\siecli.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\jtj4071qe.dll
C:\WINDOWS\system32\jtj4071qe.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174475.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174475.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174479.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0174479.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0175481.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP564\A0175481.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175511.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175511.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175515.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175515.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175527.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175527.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175531.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175531.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175546.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175546.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175550.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0175550.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176550.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176550.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176557.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176557.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176561.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176561.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176568.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176568.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176572.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0176572.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0177571.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0177571.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178571.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178571.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178581.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178585.dll
C:\System Volume Information\_restore{93FAC285-5982-4DBA-9ECC-5BB4F0B3103D}\RP565\A0178585.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\csbjmon.dll
C:\WINDOWS\system32\csbjmon.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hrno0553e.dll
C:\WINDOWS\system32\hrno0553e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j0p00a7med.dll
C:\WINDOWS\system32\j0p00a7med.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jtj4071qe.dll
C:\WINDOWS\system32\jtj4071qe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jtpq0775e.dll
C:\WINDOWS\system32\jtpq0775e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lvnq0955e.dll
C:\WINDOWS\system32\lvnq0955e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\q2860clsefq60.dll
C:\WINDOWS\system32\q2860clsefq60.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\siecli.dll
C:\WINDOWS\system32\siecli.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F69DBC2D-63BC-464B-8EE0-A6B62EA35663}"
HKCR\Clsid\{F69DBC2D-63BC-464B-8EE0-A6B62EA35663}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



----------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:02:24 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ms0606194-11990.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\VG9t\command.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms0606194-11990] C:\WINDOWS\ms0606194-11990.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - http://jpedownload.joltid.com/wi/p2p.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9t\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


I will finish out the rest of your instructions and post another HJT log in a few.
Pancake
« Reply #12 on: March 24, 2006, 01:24:04 AM »

OK, fine.
tomgig007
« Reply #13 on: March 24, 2006, 01:35:34 AM »

I didn't find poemr.exe or ajlpdrd.exe in the HJT process manager or in windows explorer.  It wouldn't let me delete dmonwv.dll.  I did all of the rest.  Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:23 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - http://jpedownload.joltid.com/wi/p2p.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx2.6.1.7_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
Logged
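
One way to check a follow-up scan against the fix list in Reply #10, as an added example that is not part of the original posts: the script parses HijackThis entry lines, ignores the variable query string on O16 URLs, and reports which requested items the Reply #13 log still lists. The function names are hypothetical, and the two text blocks are excerpts of lines copied from this thread.

```python
import re

# HijackThis entry lines have the form "<code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# O16 download URLs carry a query string that is cut off in the fix list; drop it.
URL_QUERY_RE = re.compile(r"(https?://[^\s?]+)\?\S*")
# F2 entries report the Winlogon Shell / UserInit values.
F2_RE = re.compile(r"^reg:system\.ini: (shell|userinit)=(.*)$")
DEFAULT_NAMES = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Items Reply #10 asks HijackThis to fix (copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O4 - HKLM\..\Run: [ms0606194-11990] C:\WINDOWS\ms0606194-11990.exe
O4 - HKCU\..\Run: [Wbswq] C:\Documents and Settings\Tom\Application Data\F?nts\??anregw.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\g8220ifoe82c0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9t\command.exe
"""

# Excerpt of the Reply #13 log (a subset of its lines, copied from the thread).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\poemr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ajlpdrd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""


def entry_key(line):
    """Normalize one log line to (code, body); None for headers and process paths."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    body = URL_QUERY_RE.sub(r"\1", body)        # compare O16 URLs without the query
    body = re.sub(r"\s+", " ", body).lower()    # Windows paths are case-insensitive
    return (code.upper(), body)


def parse_entries(text):
    """Ordered, de-duplicated entry keys found in a log or a fix list."""
    keys = []
    for line in text.splitlines():
        key = entry_key(line)
        if key and key not in keys:
            keys.append(key)
    return keys


def still_present(fix_text, log_text):
    """Fix-list entries that the follow-up scan still reports."""
    logged = set(parse_entries(log_text))
    return [k for k in parse_entries(fix_text) if k in logged]


def f2_extra_programs(key):
    """Programs chained after the default binary in an F2 Shell/UserInit entry.

    Compares file names only; a look-alike path would need a full-path check.
    Returned paths are lowercased by the normalization above.
    """
    code, body = key
    m = F2_RE.match(body)
    if code != "F2" or not m:
        return []
    value_name, value = m.groups()
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if p.rsplit("\\", 1)[-1] != DEFAULT_NAMES[value_name]]


def triage(fix_text, log_text):
    """Summarize what is left to do after a fix pass."""
    remaining = still_present(fix_text, log_text)
    return {
        "requested": len(parse_entries(fix_text)),
        "remaining": remaining,
        "extra_startup_programs": [p for k in remaining for p in f2_extra_programs(k)],
    }


if __name__ == "__main__":
    result = triage(FIX_LIST, AFTER_LOG)
    print(f"{len(result['remaining'])} of {result['requested']} requested items still listed")
    for code, body in result["remaining"]:
        print(f"  {code} - {body}")
    print("still referenced at logon:", result["extra_startup_programs"])
```
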

 
Pancake
« Reply #14 on: March 24, 2006, 01:58:26 AM »

That's now looking great. Let me sit on those other two files for a bit and I will see what can be done with them... I will get back to you.

In the meantime...

Recommended Protection Programs

Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here is a free one  for personal use:

ZoneAlarm