Help with w32.Myzor.FK@yf
Bronco09
Suspended due to non-functional email address
7. August 2006 @ 15:50
I need help knowing if I still have the w32.Myzor.FK@yf virus. I followed instructions from another thread but I don't know if I still have the w32.Myzor.FK@yf virus. When I would open my Internet Explorer it would say that I had a virus and need to download spyware protection; now it doesn't say it any more. Can somebody help me figure out if I have it or not?
Bronco09
Suspended due to non-functional email address
7. August 2006 @ 15:59
I did this, can someone see if there is anything wrong with it:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:26 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DNG18VI\HijackThis_v1.99.1[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weakgame.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c356.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36D1745D-38C9-42EF-BF7F-25813A277C00} (AXSlider Control) - http://www.musicpoll.com/C3Web2/AXSliderProj.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
maca1
Senior Member
7. August 2006 @ 17:02
You're running HijackThis from a temp folder.
Go to Start - My Computer.
Double-click Local Disk (C:) and create a new folder in there called "HJT". Move your HijackThis.exe in there.

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?ac...

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.

This message has been edited since posting. Last time this message was edited on 7. August 2006 @ 17:17

Bronco09
Suspended due to non-functional email address
7. August 2006 @ 17:49
Logfile of HijackThis v1.99.1
Scan saved at 6:48:10 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DNG18VI\HijackThis_v1.99.1[2].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weakgame.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c356.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36D1745D-38C9-42EF-BF7F-25813A277C00} (AXSlider Control) - http://www.musicpoll.com/C3Web2/AXSliderProj.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

6:43 PM: Removal process completed. Elapsed time 00:00:07
6:43 PM: Quarantining All Traces: starpulse cookie
6:43 PM: Quarantining All Traces: pesttrap cookie
6:43 PM: Quarantining All Traces: clixgalore cookie
6:43 PM: Quarantining All Traces: adminder cookie
6:43 PM: Quarantining All Traces: webpower cookie
6:43 PM: Quarantining All Traces: videodome cookie
6:43 PM: Quarantining All Traces: ugo cookie
6:43 PM: Quarantining All Traces: trb.com cookie
6:43 PM: Quarantining All Traces: tracking cookie
6:43 PM: Quarantining All Traces: toprebates.com cookie
6:43 PM: Quarantining All Traces: toplist cookie
6:43 PM: Quarantining All Traces: tickle cookie
6:43 PM: Quarantining All Traces: adbureau cookie
6:43 PM: Quarantining All Traces: servlet cookie
6:43 PM: Quarantining All Traces: seeq cookie
6:43 PM: Quarantining All Traces: coolsavings cookie
6:43 PM: Quarantining All Traces: tvguide cookie
6:43 PM: Quarantining All Traces: rn11 cookie
6:43 PM: Quarantining All Traces: reunion cookie
6:43 PM: Quarantining All Traces: directtrack cookie
6:43 PM: Quarantining All Traces: qsrch cookie
6:43 PM: Quarantining All Traces: pricegrabber cookie
6:43 PM: Quarantining All Traces: outster cookie
6:43 PM: Quarantining All Traces: 2o7.net cookie
6:43 PM: Quarantining All Traces: mrskin cookie
6:43 PM: Quarantining All Traces: monstermarketplace cookie
6:43 PM: Quarantining All Traces: metareward.com cookie
6:43 PM: Quarantining All Traces: malwarewipe cookie
6:43 PM: Quarantining All Traces: webtrends cookie
6:43 PM: Quarantining All Traces: domainsponsor cookie
6:43 PM: Quarantining All Traces: kinghost cookie
6:43 PM: Quarantining All Traces: imlive.com cookie
6:43 PM: Quarantining All Traces: freestats.net cookie
6:42 PM: Quarantining All Traces: gostats cookie
6:42 PM: Quarantining All Traces: gamespy cookie
6:42 PM: Quarantining All Traces: fortunecity cookie
6:42 PM: Quarantining All Traces: eroticy cookie
6:42 PM: Quarantining All Traces: engage cookie
6:42 PM: Quarantining All Traces: did-it cookie
6:42 PM: Quarantining All Traces: dealtime cookie
6:42 PM: Quarantining All Traces: danni cookie
6:42 PM: Quarantining All Traces: 360i cookie
6:42 PM: Quarantining All Traces: contextuads cookie
6:42 PM: Quarantining All Traces: classmates cookie
6:42 PM: Quarantining All Traces: ccbill cookie
6:42 PM: Quarantining All Traces: cassava cookie
6:42 PM: Quarantining All Traces: casalemedia cookie
6:42 PM: Quarantining All Traces: barelylegal cookie
6:42 PM: Quarantining All Traces: bravenet cookie
6:42 PM: Quarantining All Traces: banners cookie
6:42 PM: Quarantining All Traces: azjmp cookie
6:42 PM: Quarantining All Traces: primaryads cookie
6:42 PM: Quarantining All Traces: adultrevenueservice cookie
6:42 PM: Quarantining All Traces: adecn cookie
6:42 PM: Quarantining All Traces: aa cookie
6:42 PM: Quarantining All Traces: 888 cookie
6:42 PM: Quarantining All Traces: 64.62.232 cookie
6:42 PM: Quarantining All Traces: xiti cookie
6:42 PM: Quarantining All Traces: screensavers.com cookie
6:42 PM: Quarantining All Traces: tripod cookie
6:42 PM: Quarantining All Traces: realmedia cookie
6:42 PM: Quarantining All Traces: nextag cookie
6:42 PM: Quarantining All Traces: maxserving cookie
6:42 PM: Quarantining All Traces: techtarget cookie
6:42 PM: Quarantining All Traces: humanclick cookie
6:42 PM: Quarantining All Traces: go.com cookie
6:42 PM: Quarantining All Traces: experclick cookie
6:42 PM: Quarantining All Traces: cardomain cookie
6:42 PM: Quarantining All Traces: bizrate cookie
6:42 PM: Quarantining All Traces: banner cookie
6:42 PM: Quarantining All Traces: atwola cookie
6:42 PM: Quarantining All Traces: belnk cookie
6:42 PM: Quarantining All Traces: ask cookie
6:42 PM: Quarantining All Traces: apmebf cookie
6:42 PM: Quarantining All Traces: adserver cookie
6:42 PM: Quarantining All Traces: cc214142 cookie
6:42 PM: Quarantining All Traces: adrevolver cookie
6:42 PM: Quarantining All Traces: adprofile cookie
6:42 PM: Quarantining All Traces: hbmediapro cookie
6:42 PM: Quarantining All Traces: adknowledge cookie
6:42 PM: Quarantining All Traces: about cookie
6:42 PM: Quarantining All Traces: websponsors cookie
6:42 PM: Quarantining All Traces: winad
6:42 PM: Quarantining All Traces: 180search assistant/zango
6:42 PM: Removal process initiated
6:42 PM: Traces Found: 150
6:42 PM: Full Sweep has completed. Elapsed time 00:19:01
6:42 PM: File Sweep Complete, Elapsed Time: 00:17:11
6:35 PM: Warning: Failed to access drive E:
6:33 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{237f52c8-10ca-4fcb-b1f6-844b925d0d30}.bin". The operation completed successfully
6:25 PM: C:\Documents and Settings\Guest\Local Settings\Temp\1801.mht (ID = 147169)
6:25 PM: Found Adware: 180search assistant/zango
6:25 PM: C:\Program Files\Media Gateway (1 subtraces) (ID = 2147490169)
6:25 PM: Found Adware: winad
6:24 PM: Starting File Sweep
6:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:28
6:24 PM: c:\documents and settings\owner\cookies\owner@xiti[1].txt (ID = 3717)
6:24 PM: c:\documents and settings\owner\cookies\owner@xbox.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@www48.seeq[1].txt (ID = 3332)
6:24 PM: c:\documents and settings\owner\cookies\owner@www.starpulse[2].txt (ID = 3440)
6:24 PM: Found Spy Cookie: starpulse cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@www.screensavers[2].txt (ID = 3298)
6:24 PM: c:\documents and settings\owner\cookies\owner@www.pesttrap[1].txt (ID = 6462)
6:24 PM: Found Spy Cookie: pesttrap cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@www.mrskin[1].txt (ID = 3021)
6:24 PM: c:\documents and settings\owner\cookies\owner@www.eroticy[1].txt (ID = 2624)
6:24 PM: c:\documents and settings\owner\cookies\owner@www.danni[2].txt (ID = 2494)
6:24 PM: c:\documents and settings\owner\cookies\owner@www.clixgalore[1].txt (ID = 2417)
6:24 PM: Found Spy Cookie: clixgalore cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@www.adminder[1].txt (ID = 2079)
6:24 PM: Found Spy Cookie: adminder cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@www.888[1].txt (ID = 2020)
6:24 PM: c:\documents and settings\owner\cookies\owner@webpower[1].txt (ID = 3660)
6:24 PM: Found Spy Cookie: webpower cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@videodome[1].txt (ID = 3638)
6:24 PM: Found Spy Cookie: videodome cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@vgstrategies.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@urbanlegends.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@ugo[1].txt (ID = 3608)
6:24 PM: Found Spy Cookie: ugo cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@tvguide[2].txt (ID = 3599)
6:24 PM: c:\documents and settings\owner\cookies\owner@tripod[1].txt (ID = 3591)
6:24 PM: c:\documents and settings\owner\cookies\owner@trb[2].txt (ID = 3587)
6:24 PM: Found Spy Cookie: trb.com cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@tracking[1].txt (ID = 3571)
6:24 PM: Found Spy Cookie: tracking cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@toprebates[2].txt (ID = 3561)
6:24 PM: Found Spy Cookie: toprebates.com cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@toplist[2].txt (ID = 3557)
6:24 PM: c:\documents and settings\owner\cookies\owner@toplist[1].txt (ID = 3557)
6:24 PM: Found Spy Cookie: toplist cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@tickle[2].txt (ID = 3529)
6:24 PM: Found Spy Cookie: tickle cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@teentvmovies.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@stat.dealtime[2].txt (ID = 2506)
6:24 PM: c:\documents and settings\owner\cookies\owner@sports.espn.go[2].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@spanish.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@snowboarding.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@sideshow.directtrack[2].txt (ID = 2528)
6:24 PM: c:\documents and settings\owner\cookies\owner@shoplocl.adbureau[2].txt (ID = 2060)
6:24 PM: Found Spy Cookie: adbureau cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@servlet[1].txt (ID = 3345)
6:24 PM: Found Spy Cookie: servlet cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@seeq[1].txt (ID = 3331)
6:24 PM: Found Spy Cookie: seeq cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@secure.danni[2].txt (ID = 2494)
6:24 PM: c:\documents and settings\owner\cookies\owner@search.espn.go[1].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@sdc.tvguide[1].txt (ID = 3600)
6:24 PM: c:\documents and settings\owner\cookies\owner@sav.coolsavings[1].txt (ID = 2466)
6:24 PM: Found Spy Cookie: coolsavings cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@rsi.tvguide[1].txt (ID = 3600)
6:24 PM: Found Spy Cookie: tvguide cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@rn11[2].txt (ID = 3261)
6:24 PM: Found Spy Cookie: rn11 cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@ridemg.directtrack[2].txt (ID = 2528)
6:24 PM: c:\documents and settings\owner\cookies\owner@reunion[2].txt (ID = 3255)
6:24 PM: Found Spy Cookie: reunion cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@realmedia[2].txt (ID = 3235)
6:24 PM: c:\documents and settings\owner\cookies\owner@rapidresponse.directtrack[1].txt (ID = 2528)
6:24 PM: Found Spy Cookie: directtrack cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@qsrch[2].txt (ID = 3215)
6:24 PM: Found Spy Cookie: qsrch cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@pricegrabber[2].txt (ID = 3185)
6:24 PM: Found Spy Cookie: pricegrabber cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@outster[2].txt (ID = 3103)
6:24 PM: Found Spy Cookie: outster cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@nextag[2].txt (ID = 5014)
6:24 PM: c:\documents and settings\owner\cookies\owner@msnportal.112.2o7[1].txt (ID = 1958)
6:24 PM: Found Spy Cookie: 2o7.net cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@mrskin[2].txt (ID = 3020)
6:24 PM: Found Spy Cookie: mrskin cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@movies.go[2].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@monstermarketplace[1].txt (ID = 3006)
6:24 PM: Found Spy Cookie: monstermarketplace cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@metareward[2].txt (ID = 2990)
6:24 PM: Found Spy Cookie: metareward.com cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@maxserving[1].txt (ID = 2966)
6:24 PM: c:\documents and settings\owner\cookies\owner@math.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@malwarewipe[1].txt (ID = 6467)
6:24 PM: Found Spy Cookie: malwarewipe cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@m.webtrends[1].txt (ID = 3669)
6:24 PM: Found Spy Cookie: webtrends cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@littlerock.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@landing.domainsponsor[1].txt (ID = 2535)
6:24 PM: Found Spy Cookie: domainsponsor cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@kinghost[1].txt (ID = 2903)
6:24 PM: Found Spy Cookie: kinghost cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@insider.espn.go[1].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@imlive[2].txt (ID = 2843)
6:24 PM: Found Spy Cookie: imlive.com cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@i.screensavers[1].txt (ID = 3298)
6:24 PM: c:\documents and settings\owner\cookies\owner@humor.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@hotels.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@horror.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@homevideo.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@hatland.freestats[1].txt (ID = 2705)
6:24 PM: Found Spy Cookie: freestats.net cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@go[2].txt (ID = 2728)
6:24 PM: c:\documents and settings\owner\cookies\owner@govegas.about[2].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@gostats[2].txt (ID = 2747)
6:24 PM: Found Spy Cookie: gostats cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@gocalifornia.about[2].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@gamespy[1].txt (ID = 2719)
6:24 PM: Found Spy Cookie: gamespy cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@galleries.danni[1].txt (ID = 2494)
6:24 PM: c:\documents and settings\owner\cookies\owner@fortunecity[2].txt (ID = 2686)
6:24 PM: Found Spy Cookie: fortunecity cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@expn.go[1].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@espn.go[2].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@eroticy[1].txt (ID = 2623)
6:24 PM: Found Spy Cookie: eroticy cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@engage.everyone[2].txt (ID = 2611)
6:24 PM: Found Spy Cookie: engage cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@dist.belnk[2].txt (ID = 2293)
6:24 PM: c:\documents and settings\owner\cookies\owner@did-it[2].txt (ID = 2523)
6:24 PM: Found Spy Cookie: did-it cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@dealtime[2].txt (ID = 2505)
6:24 PM: Found Spy Cookie: dealtime cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@dating.about[2].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@danni[2].txt (ID = 2493)
6:24 PM: Found Spy Cookie: danni cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@ct.360i[1].txt (ID = 1962)
6:24 PM: Found Spy Cookie: 360i cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@couponing.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@contextuads[1].txt (ID = 2461)
6:24 PM: Found Spy Cookie: contextuads cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@classmates[1].txt (ID = 2384)
6:24 PM: Found Spy Cookie: classmates cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@cellphones.about[2].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@ccbill[1].txt (ID = 2369)
6:24 PM: Found Spy Cookie: ccbill cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@cassava[1].txt (ID = 2362)
6:24 PM: Found Spy Cookie: cassava cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@casalemedia[2].txt (ID = 2354)
6:24 PM: Found Spy Cookie: casalemedia cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@c.fsx[2].txt (ID = 2286)
6:24 PM: Found Spy Cookie: barelylegal cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@bravenet[1].txt (ID = 2322)
6:24 PM: Found Spy Cookie: bravenet cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@bizrate[1].txt (ID = 2308)
6:24 PM: c:\documents and settings\owner\cookies\owner@belnk[2].txt (ID = 2292)
6:24 PM: c:\documents and settings\owner\cookies\owner@banner[2].txt (ID = 2276)
6:24 PM: c:\documents and settings\owner\cookies\owner@banners[2].txt (ID = 2282)
6:24 PM: Found Spy Cookie: banners cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@azjmp[2].txt (ID = 2270)
6:24 PM: Found Spy Cookie: azjmp cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@atwola[2].txt (ID = 2255)
6:24 PM: c:\documents and settings\owner\cookies\owner@atheism.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@ath.belnk[1].txt (ID = 2293)
6:24 PM: c:\documents and settings\owner\cookies\owner@ask[1].txt (ID = 2245)
6:24 PM: c:\documents and settings\owner\cookies\owner@apmebf[1].txt (ID = 2229)
6:24 PM: c:\documents and settings\owner\cookies\owner@aff.primaryads[2].txt (ID = 3190)
6:24 PM: Found Spy Cookie: primaryads cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@advertising.about[1].txt (ID = 2038)
6:24 PM: c:\documents and settings\owner\cookies\owner@adultrevenueservice[1].txt (ID = 2167)
6:24 PM: Found Spy Cookie: adultrevenueservice cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@ads.cc214142[1].txt (ID = 2367)
6:24 PM: c:\documents and settings\owner\cookies\owner@adrevolver[3].txt (ID = 2088)
6:24 PM: c:\documents and settings\owner\cookies\owner@adprofile[2].txt (ID = 2084)
6:24 PM: c:\documents and settings\owner\cookies\owner@adknowledge[2].txt (ID = 2072)
6:24 PM: c:\documents and settings\owner\cookies\owner@adecn[1].txt (ID = 2063)
6:24 PM: Found Spy Cookie: adecn cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@about[1].txt (ID = 2037)
6:24 PM: c:\documents and settings\owner\cookies\owner@abclocal.go[1].txt (ID = 2729)
6:24 PM: c:\documents and settings\owner\cookies\owner@aa[1].txt (ID = 2029)
6:24 PM: Found Spy Cookie: aa cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@a.websponsors[2].txt (ID = 3665)
6:24 PM: c:\documents and settings\owner\cookies\owner@888[2].txt (ID = 2019)
6:24 PM: c:\documents and settings\owner\cookies\owner@888[1].txt (ID = 2019)
6:24 PM: Found Spy Cookie: 888 cookie
6:24 PM: c:\documents and settings\owner\cookies\owner@64.62.232[2].txt (ID = 1987)
6:24 PM: Found Spy Cookie: 64.62.232 cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@xiti[1].txt (ID = 3717)
6:24 PM: Found Spy Cookie: xiti cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@www.screensavers[2].txt (ID = 3298)
6:24 PM: Found Spy Cookie: screensavers.com cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@www.cardomain[2].txt (ID = 2351)
6:24 PM: c:\documents and settings\guest\cookies\guest@tripod[1].txt (ID = 3591)
6:24 PM: Found Spy Cookie: tripod cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@realmedia[2].txt (ID = 3235)
6:24 PM: Found Spy Cookie: realmedia cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@nextag[2].txt (ID = 5014)
6:24 PM: Found Spy Cookie: nextag cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@maxserving[2].txt (ID = 2966)
6:24 PM: Found Spy Cookie: maxserving cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@labmice.techtarget[1].txt (ID = 3500)
6:24 PM: Found Spy Cookie: techtarget cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@hc2.humanclick[2].txt (ID = 2810)
6:24 PM: Found Spy Cookie: humanclick cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@go[1].txt (ID = 2728)
6:24 PM: Found Spy Cookie: go.com cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@experclick[1].txt (ID = 2639)
6:24 PM: Found Spy Cookie: experclick cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@dist.belnk[2].txt (ID = 2293)
6:24 PM: c:\documents and settings\guest\cookies\guest@cardomain[1].txt (ID = 2350)
6:24 PM: Found Spy Cookie: cardomain cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@bizrate[2].txt (ID = 2308)
6:24 PM: Found Spy Cookie: bizrate cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@belnk[1].txt (ID = 2292)
6:24 PM: c:\documents and settings\guest\cookies\guest@banner[2].txt (ID = 2276)
6:24 PM: Found Spy Cookie: banner cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@atwola[1].txt (ID = 2255)
6:24 PM: Found Spy Cookie: atwola cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@ath.belnk[2].txt (ID = 2293)
6:24 PM: Found Spy Cookie: belnk cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@ask[1].txt (ID = 2245)
6:24 PM: Found Spy Cookie: ask cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@apmebf[2].txt (ID = 2229)
6:24 PM: Found Spy Cookie: apmebf cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@adserver[1].txt (ID = 2141)
6:24 PM: Found Spy Cookie: adserver cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@ads.cc214142[2].txt (ID = 2367)
6:24 PM: Found Spy Cookie: cc214142 cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@adrevolver[2].txt (ID = 2088)
6:24 PM: Found Spy Cookie: adrevolver cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@adprofile[2].txt (ID = 2084)
6:24 PM: Found Spy Cookie: adprofile cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@adopt.hbmediapro[2].txt (ID = 2768)
6:24 PM: Found Spy Cookie: hbmediapro cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@adknowledge[1].txt (ID = 2072)
6:24 PM: Found Spy Cookie: adknowledge cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@about[1].txt (ID = 2037)
6:24 PM: Found Spy Cookie: about cookie
6:24 PM: c:\documents and settings\guest\cookies\guest@a.websponsors[1].txt (ID = 3665)
6:24 PM: Found Spy Cookie: websponsors cookie
6:24 PM: Starting Cookie Sweep
6:24 PM: Memory Sweep Complete, Elapsed Time: 00:01:14
6:23 PM: Starting Memory Sweep
6:23 PM: Sweep initiated using definitions version 691
6:23 PM: Spy Sweeper 5.0.5.1286 started
6:23 PM: | Start of Session, Monday, August 07, 2006 |
********
6:23 PM: | End of Session, Monday, August 07, 2006 |
6:20 PM: None
6:20 PM: Traces Found: 1
6:20 PM: Memory Sweep Complete, Elapsed Time: 00:00:07
6:20 PM: Sweep Canceled
6:20 PM: Starting Memory Sweep
6:20 PM: HKU\WRSS_Profile_S-1-5-21-3188126825-1688562564-3889130483-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 1193580)
6:20 PM: Found Adware: internetoptimizer
6:20 PM: Sweep initiated using definitions version 691
6:20 PM: Spy Sweeper 5.0.5.1286 started
6:20 PM: | Start of Session, Monday, August 07, 2006 |
********
6:20 PM: | End of Session, Monday, August 07, 2006 |
6:18 PM: BHO Shield: found: -- BHO installation denied at user request
6:18 PM: BHO Shield: found: -- BHO installation denied at user request
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:18 PM: Shield States
6:18 PM: Spyware Definitions: 691
6:17 PM: Spy Sweeper 5.0.5.1286 started
6:17 PM: Spy Sweeper 5.0.5.1286 started
6:17 PM: | Start of Session, Monday, August 07, 2006 |
********
There was no next button.
maca1
Senior Member
7. August 2006 @ 18:18
That's ok
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php


* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam



* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



Have HijackThis fix these entries. Close all programmes before
clicking FIX.




O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.

C:\WINDOWS\System32\winlogi.exe


Reboot into normal mode and follow the instructions of my first post about moving HijackThis into a permanent folder.
Post another log.

This message has been edited since posting. Last time this message was edited on 7. August 2006 @ 19:45

Bronco09
Suspended due to non-functional email address
7. August 2006 @ 22:25
Logfile of HijackThis v1.99.1
Scan saved at 11:21:31 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weakgame.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c356.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36D1745D-38C9-42EF-BF7F-25813A277C00} (AXSlider Control) - http://www.musicpoll.com/C3Web2/AXSliderProj.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
maca1
Senior Member
7. August 2006 @ 22:45
What kept you? You could be getting infected in the process, making this kinda pointless.

Please go to this site: http://virusscan.jotti.org/

Use the Browse button at Jotti.
Navigate to the file's location on your hard drive and submit this file:

C:\Program Files\Ustpn\Siyvw.exe

Let me know what it says regarding the file.
Bronco09
Suspended due to non-functional email address
8. August 2006 @ 08:05
I've been on and off the computer. I don't seem to have that file; I have the folder but nothing is in it.
maca1
Senior Member
8. August 2006 @ 09:48
OK, how are things now?

I've found nothing on that file, so it's up to you whether you want to keep that folder on your system. To get rid of it:

Check with HijackThis

O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
Make sure all other windows are closed and click Fix.

Reboot into safe mode. Find and delete this folder:
C:\Program Files\Ustpn\


Important:
Your version of Java is outdated.

* Download the latest version of Java Runtime Environment (JRE) 5.0 Update 7: http://java.sun.com/javase/downloads/index.jsp
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-1_5_0_07-windowsi586-p.exe to install the newest version.

This message has been edited since posting. Last time this message was edited on 8. August 2006 @ 09:54

Bronco09
Suspended due to non-functional email address
8. August 2006 @ 13:56
Okay, I have done everything mentioned above. What do I do now?
maca1
Senior Member
8. August 2006 @ 15:17
Let's do this to see if anything's remaining.

Please go HERE http://www.pandasoftware.com/products/activescan.htm to run Panda's ActiveScan

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post Panda report and new HjT log.

This message has been edited since posting. Last time this message was edited on 8. August 2006 @ 15:22
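
The step the thread ends on (fix the O4 entry, then post a new HijackThis log) amounts to comparing two logs, which can be done mechanically. The following is an added example, not part of any post in this thread: the function names are hypothetical, the sample logs are constructed from lines quoted in the thread, and the `ExampleNew` entry is invented for illustration.

```python
import re

# Registry Run-style O4 lines and O23 service lines, in the format of this thread's log.
O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Constructed sample: three lines copied from the log quoted in the thread.
BEFORE = r"""
O4 - HKLM\..\Run: [Ezmafv] C:\Program Files\Ustpn\Siyvw.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""
# Constructed "after" log: O4 entry fixed, one path in different case, one invented new entry.
AFTER = r"""
O4 - HKLM\..\Run: [ExampleNew] C:\Example\new.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\PROGRAM FILES\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

def parse_autostarts(log_text):
    """Return {(section, name, lowercased path)} for O4 Run and O23 lines."""
    entries = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O4", O4), ("O23", O23)):
            m = rx.match(line)
            if m:
                # Windows paths are case-insensitive, so compare in lower case.
                entries.add((section, m["name"], m["path"].lower()))
    return entries

def compare_logs(before, after, fixed_path):
    """Check that fixed_path no longer autostarts and list what changed."""
    old, new = parse_autostarts(before), parse_autostarts(after)
    target = fixed_path.lower()
    return {
        "still_present": sorted(e for e in new if e[2] == target),
        "removed": sorted(old - new),
        "added": sorted(new - old),
    }

if __name__ == "__main__":
    result = compare_logs(BEFORE, AFTER, r"C:\Program Files\Ustpn\Siyvw.exe")
    for key, value in result.items():
        print(key, value)
```

The comparison does not reconcile 8.3 short paths (`C:\PROGRA~1\...`) with their long forms, so an entry that switches between the two would show up as both removed and added.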
