Recurring Trojans


  • This topic is locked
10 replies to this topic

#1 nnurdic


Posted 28 June 2007 - 08:25 AM

Hi. I'm currently having problems with recurring trojan adclickers, errorsafe, and winfixer (according to my Symantec Auto-protect) every time I start up my computer. My auto-protect says it deletes them, but it does so every time I have to start up. I also get pop-ups every time I open explorer or firefox. One particular pop-up is one of WinAntiVirus Pro 2007. At about 75% of my Kaspersky online scan, I get a problem message from Internet Explorer saying "The following add-on (mesow83122.dll) was running when this problem occurred"

Here are my scan logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:14:17 PM 6/28/2007

+ Scan result:



C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124261.dll -> Adware.Aws : No action taken.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124259.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124260.exe -> Dropper.Agent.bfr : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt -> TrackingCookie.Goclick : No action taken.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\LocalService\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end


and the Kaspersky online scan:


KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 6:12:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/06/2007
Kaspersky Anti-Virus database records: 355124
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 84995
Number of viruses found 19
Number of infected objects 79
Number of suspicious objects 0
Duration of the scan process 02:58:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200001\46A3B463.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200002\46A3B4F3.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80000\4DF92656.VBN Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80001\4DF926C2.VBN Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80002\4DF92733.VBN Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80003\4DF927B2.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80004\4DF92828.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80006\4DF92880.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80007\4DF92895.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80008\4DF928A8.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80009\4DF928C0.VBN Infected: Trojan-Downloader.Win32.Small.btj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000A\4DF928D1.VBN Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000C\4DF928F6.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000D\4DF92909.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000E\4DF9291C.VBN Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000F\4DF9292F.VBN Infected: Trojan-Downloader.Win32.Small.btj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80010\4DF92940.VBN Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000\4ECE7DB2.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001\4ECE7F0B.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40000\4EF6B7AB.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40001\4EF6B7F7.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40002\4EF6B8A9.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0000\4EFE7FEF.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0001\4EFE8025.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0002\4EFE8234.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0003\4EFEA446.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0004\4EFEA4B1.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0005.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0006\4EFEE17B.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0007\4EFEE1AC.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4FC6DD57.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4FC6DE23.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002\4FC6DEB7.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4FF2F727.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700001\4FF2F79E.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700002\4FF2F7C9.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80000\4FAB019D.VBN Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80001\4FAB01A5.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C100000\4E93F63C.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140000\4E953B16.VBN Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4E953B27.VBN Infected: Rootkit.Win32.Agent.eq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002\4E953B38.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140005.VBN Infected: Trojan.Win32.Agent.apt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000000\4F813E05.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000001\4F8149EE.VBN Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000002\4F815A91.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4F9DB068.VBN Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN CryptZ: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/Worker.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN CryptZ: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007062820070629\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_b08.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0170NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0579NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124259.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP654\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\W3\626wr.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Finally, the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 6:18:05 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Note: this is an edit to a topic I made after reading the FAQ.

Edited by nnurdic, 28 June 2007 - 05:20 PM.


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,095 posts

Posted 04 July 2007 - 08:46 AM

Hi,

Please rename HijackThis.exe to Myfix.exe, run it, and submit a fresh HijackThis log for my review.

Let me know what problems persist.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 nnurdic

nnurdic

    Member

  • Full Member
  • 7 posts

Posted 04 July 2007 - 11:02 AM

When I open Mozilla Firefox, my AVG Anti-Spyware is detecting a file named "Hijacker.small.jf" in C:/WINDOWS/acdt-pid67N.exe and I get a message titled "Windows Script Host" that says the following:

Windows Script Host
script: C:/Program files/func.jr
line: 76
char: 1
error: the system cannot find the file specified
code: 80070002
source: (null)

My auto protect is still detecting the trojan adclicker under the file name "func.exe", but not the others that I mentioned before. I still get popups when I open Internet Explorer only.

Here's my hijackthis log after renaming the exe to Myfix.exe:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:50 AM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\PROGRA~1\SPYWAR~2\SPYWAR~1.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis\Myfix.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lgpihexx.dll
O2 - BHO: (no name) - {2ECD4967-28EF-4DC5-96DA-7F3487835DD0} - C:\Program Files\Windows Media Player\mesow83122.dll
O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,095 posts

Posted 04 July 2007 - 03:15 PM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download Atribune's VundoFix.exe from this site:
http://www.atribune..../click.php?id=4 and place it on your desktop.

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click YES

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click OK.

=*=

Disable AVG Anti-Spyware (formerly ewido):
Please disable AVG Anti-Spyware, as it may interfere with the fix.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.
Once your log is clean you can re-enable Ewido.

Please set your system to show all files;
To delete the files/folders in the next steps, you may need to show hidden Files/Folders: How to.
At the end of the fix you can return the files to hidden status if you want.


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lgpihexx.dll
O2 - BHO: (no name) - {2ECD4967-28EF-4DC5-96DA-7F3487835DD0} - C:\Program Files\Windows Media Player\mesow83122.dll
O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Delete these files/Folders in bold if found.

Files
C:\WINDOWS\system32\lgpihexx.dll
C:\Program Files\Windows Media Player\mesow83122.dll
C:\WINDOWS\system32\ddcyx.dll

Folders
C:\PROGRA~1\Crawler\
C:\PROGRA~1\FlashGet\

Restart the computer to reset the registry.

=*=

Enable AVG Anti-Spyware (formerly ewido):

Your current version of JAVA may be outdated and vulnerable to this type of infection, please update.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
=*=

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Let me know what problem persists.
nasdaq

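An added illustration, not part of the original thread and not the helper's own selection method: a small Python triage over HijackThis-format lines that flags orphaned entries, unnamed BHOs and toolbars, and a DLL registered both as a browser add-on and under Winlogon Notify, as ddcyx.dll is in the log posted above. The heuristics and the names `parse` and `triage` are assumptions; the sample lines are a subset of that log.

```python
import re
from collections import defaultdict

# Subset of lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lgpihexx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)
O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll
"""

# "O2 - ...", "O20 - ...", "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Sections whose last " - " separated field is a file path.
FILE_SECTIONS = {"O2", "O3", "O9", "O18", "O20"}
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse(log_text):
    """Return one dict per log entry: section code, body, normalized target."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m["code"], m["body"]
        target = None
        if code in FILE_SECTIONS:
            tail = body.rsplit(" - ", 1)[-1]
            for marker in ORPHAN_MARKERS:
                tail = tail.replace(marker, "")
            # Lower-case so C:\WINDOWS and C:\windows compare equal.
            target = tail.strip().lower() or None
        entries.append({"code": code, "body": body, "target": target})
    return entries


def triage(log_text):
    """Return (code, target, reasons) for entries worth a manual look.

    Heuristics (assumptions of this example, review aids only):
      orphaned      registry entry points at a file that is gone
      unnamed       BHO or toolbar registered without a display name
      bho+winlogon  same file loaded by the browser and by Winlogon Notify
    """
    entries = parse(log_text)
    sections_by_target = defaultdict(set)
    for e in entries:
        if e["target"]:
            sections_by_target[e["target"]].add(e["code"])

    findings = []
    for e in entries:
        reasons = []
        if e["body"].endswith(ORPHAN_MARKERS):
            reasons.append("orphaned")
        if e["code"] in {"O2", "O3"} and "(no name)" in e["body"]:
            reasons.append("unnamed")
        sections = sections_by_target.get(e["target"], set())
        if "O20" in sections and sections & {"O2", "O3"}:
            reasons.append("bho+winlogon")
        if reasons:
            findings.append((e["code"], e["target"], reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<24}{target or '(no target)'}")
```

A flag is only a prompt to check the file's vendor, location and signature; NavLogon.dll and the Yahoo! BHO pass all three checks here and are left alone.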

#5 nnurdic

nnurdic

    Member

  • Full Member
  • 7 posts

Posted 04 July 2007 - 07:16 PM

There are no problems when opening firefox and internet explorer now. The auto-protect no longer goes off and alerts me of any risks. The only thing I'm concerned about now is that every time I boot up my computer, before coming to the desktop, I get a message that says my Spyware Terminator is deleting 1 file, but says that it was not able to.

Here are the logs you asked for:

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:37:19 PM 7/4/2007

Listing files found while scanning....

C:\windows\system32\auuknqas.ini
C:\WINDOWS\system32\ddcyx.dll
C:\windows\system32\eugntsqq.dll
C:\windows\system32\hedjquun.ini
C:\windows\system32\hrgaplrl.ini
C:\windows\system32\ijufqnit.ini
C:\WINDOWS\system32\lgpihexx.dll
C:\windows\system32\lrlpagrh.dll
C:\windows\system32\nuuqjdeh.dll
C:\windows\system32\oqutltjr.ini
C:\windows\system32\qqstngue.ini
C:\windows\system32\rjtltuqo.dll
C:\windows\system32\saqnkuua.dll
C:\windows\system32\tinqfuji.dll
C:\windows\system32\xycdd.bak1
C:\windows\system32\xycdd.ini
C:\windows\system32\xycdd.tmp

Beginning removal...

Attempting to delete C:\windows\system32\auuknqas.ini
C:\windows\system32\auuknqas.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\windows\system32\eugntsqq.dll
C:\windows\system32\eugntsqq.dll Has been deleted!

Attempting to delete C:\windows\system32\hedjquun.ini
C:\windows\system32\hedjquun.ini Has been deleted!

Attempting to delete C:\windows\system32\hrgaplrl.ini
C:\windows\system32\hrgaplrl.ini Has been deleted!

Attempting to delete C:\windows\system32\ijufqnit.ini
C:\windows\system32\ijufqnit.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lgpihexx.dll
C:\WINDOWS\system32\lgpihexx.dll Has been deleted!

Attempting to delete C:\windows\system32\lrlpagrh.dll
C:\windows\system32\lrlpagrh.dll Has been deleted!

Attempting to delete C:\windows\system32\nuuqjdeh.dll
C:\windows\system32\nuuqjdeh.dll Has been deleted!

Attempting to delete C:\windows\system32\oqutltjr.ini
C:\windows\system32\oqutltjr.ini Has been deleted!

Attempting to delete C:\windows\system32\qqstngue.ini
C:\windows\system32\qqstngue.ini Has been deleted!

Attempting to delete C:\windows\system32\rjtltuqo.dll
C:\windows\system32\rjtltuqo.dll Has been deleted!

Attempting to delete C:\windows\system32\saqnkuua.dll
C:\windows\system32\saqnkuua.dll Has been deleted!

Attempting to delete C:\windows\system32\tinqfuji.dll
C:\windows\system32\tinqfuji.dll Has been deleted!

Attempting to delete C:\windows\system32\xycdd.bak1
C:\windows\system32\xycdd.bak1 Has been deleted!

Attempting to delete C:\windows\system32\xycdd.ini
C:\windows\system32\xycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!




Here's the DrWeb report

backup-20070704-165331-200.dll;C:\Documents and Settings\Owner\Desktop\HiJackThis\backups;Adware.Websearch;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
A0124237.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP649;Trojan.Virtumod;Deleted.;
A0124259.exe;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Trojan.DownLoader.24772;Deleted.;
A0124260.exe;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Trojan.MulDrop.6135;Deleted.;
A0124261.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Adware.Aws;Incurable.Moved.;
A0124471.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124472.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124476.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Juan;Deleted.;
A0124477.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124478.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124481.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124482.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124483.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;
A0124493.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Adware.Websearch;Incurable.Moved.;
ddcyx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
eugntsqq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
lgpihexx.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;
lrlpagrh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
nuuqjdeh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
rjtltuqo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
saqnkuua.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
tinqfuji.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
tsbwsspc.exe;C:\WINDOWS\system32;Trojan.Click.2799;Deleted.;
626wr.exe;C:\WINDOWS\system32\W3;Trojan.DownLoader.25802;Deleted.;




Finally the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:30 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis\Myfix.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DF86FD7-491E-4AB8-9D2C-39874AACB6F7} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,095 posts

Posted 05 July 2007 - 07:15 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable AVG Anti-Spyware (formerly ewido):

Please disable AVG Anti-Spyware, as it may interfere with the fix.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

Once your log is clean you can re-enable Ewido.

Close all programs, leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {2DF86FD7-491E-4AB8-9D2C-39874AACB6F7} - C:\WINDOWS\system32\ddcyx.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.

If you are still seeing a message from Spyware Terminator, let me know the name of the file.

I suspect that you still have some remnant items in the registry.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 nnurdic

nnurdic

    Member

  • Full Member
  • 7 posts

Posted 05 July 2007 - 11:57 AM

No information about the file that my Spyware Terminator was trying to delete is given. I ran the Spyware Terminator program and then the AVG Anti-Spyware program to see if I could find anything. Here are the reports for them:


Scan Progress (Full Scan)
Start time: 7/5/2007 10:08:25 AM
Database: 1.0.837.593

Processes Scanning
PowerProfile : c:\windows\system32\POWRPROF.dll
Explorer : C:\WINDOWS\Explorer.EXE
Shdocvw : C:\WINDOWS\system32\SHDOCVW.dll
ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
KBD : C:\HP\KBD\KBD.EXE
UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
VTTimer : VTTimer.exe
VTTimer : C:\WINDOWS\system32\VTTimer.exe
iTunes : C:\Program Files\iTunes\iTunesHelper.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
AOL Instant Messenger : C:\Program Files\AIM\aim.exe
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Startup Scanning
AIM : C:\PROGRAM FILES\AIM+\AIM+.EXE
Creative Detector : C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
Ctfmon : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe
RealSched : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
RealSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TkBellExe
HPHUPD05 : c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
KBD : C:\HP\KBD\KBD.EXE
KBD : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KBD
UpdateManager : C:\PROGRAM FILES\COMMON FILES\SONIC\UPDATE MANAGER\SGTRAY.EXE
UpdateManager : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateManager
VTTimer : C:\WINDOWS\system32\VTTimer.exe
LTMSG : C:\WINDOWS\LTMSG.EXE
iTunes : C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
iTunes : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iTunesHelper
QuickTimeTask : C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
QuickTimeTask : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuickTime Task
SymantecAntivirus : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp
SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe
SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run vptray
!AVG Anti-Spyware : C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
SunJavaUpdateSched : C:\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE
SunJavaUpdateSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched
Explorer : C:\WINDOWS\Explorer.exe
Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Toolbars Scanning
YahooToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Shdocvw : C:\WINDOWS\System32\shdocvw.dll
Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
Shdocvw : HKCR\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}
Shdocvw : explorer.exe PID: 1516
Shdocvw : avgas.exe PID: 1180
Shdocvw : SpywareTerminator.exe PID: 3952
Browser Helper Objects Scanning
YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
IE Explorer Bars
IE Extensions
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Services Scanning
Unreadable Binary Files : C:\WINDOWS\System32\DRIVERS\atapi.sys
Unreadable Binary Files : HKLM\SYSTEM\CurrentControlSet\Services\atapi
ccEvtMgr : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
ccEvtMgr : HKLM\SYSTEM\CurrentControlSet\Services\ccEvtMgr
Spyware Terminator : C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYWARE TERMINATOR\FILEOBJINFO.SYS
Spyware Terminator : HKLM\SYSTEM\CurrentControlSet\Services\FileObjInfo
Protocol filters Scanning
Protocol handlers Scanning
WinSock2 Scanning
Uninstallers Scanning
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\05E21449-3BA3-42BF-BBDA-95205F4EA40A\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\2FDCC229-354D-4279-ABEF-CE17E355BFFA\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\75528D5F-DD82-402E-BA7C-045B7DC6A712\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\8A225900-C06D-41DD-B66C-43840D472758\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\UNINSTALL.EXE
C:\WINDOWS\ISUNINST.EXE
C:\PROGRAM FILES\AIM+\UNINST.EXE
C:\PROGRAM FILES\AIM\UNINSTLL.EXE
C:\PROGRAM FILES\AUDIBLE\BIN\UPGRADE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C:\WINDOWS\BWUNIN-6.2.3.66L.EXE
C:\WINDOWS\bnetunin.exe
C:\Program Files\BitTornado\uninst.exe
C:\PROGRAM FILES\BITTORRENT\UNINSTALL.EXE
C:\PROGRAM FILES\WEBTEH\BSPLAYER\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\C679AA5F-C2C8-4EA8-9CD1-504A39AEC264\UNINSTALL.EXE
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
C:\NEVERWINTERNIGHTS\NWN\UNINS001.EXE
Inoinstaller : C:\NEVERWINTERNIGHTS\NWN\UNINS001.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CEP v1.52_is1
C:\Program Files\Compaq Instant Support\UNWISE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
C:\WINDOWS\diabunin.exe
C:\PROGRAM FILES\WINAMP\EMUSIC\UNINST-EMUSIC-PROMOTION.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\F07504C6-20C5-4BFE-83A0-523FB2455E72\UNINSTALL.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\FA7F5211-C629-4711-BD82-7DFFB08CB518\UNINSTALL.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe \uninstall
C:\PROGRAM FILES\HP\DIGITAL IMAGING\UNINSTALL\HPZSCR01.EXE
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
C:\Program Files\InterActual\InterActual Player\inuninst.exe
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB883939$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB890046$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB890859$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890923$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB893066$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB893086$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$MSI31UNINSTALL_KB893803$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$MSI31UNINSTALL_KB893803V2$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB894391$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896358$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896422$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896428$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896688$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896727$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB898458$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB898461$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899587$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899588$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900485$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900725$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901190$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901214$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB902400$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB903235$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB904706$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905414$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905749$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905915$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908519$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB910437$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911565$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911567$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB912812$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB912919$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB916281$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB916595$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917422$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917734_WMP10$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918118$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918439$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918899$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB919007$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920213$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920214$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920670$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920683$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920685$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920872$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB921398$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB921883$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922582$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922616$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922760$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922819$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923191$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923414$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923689$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923694$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923723$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923980$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924191$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924270$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924496$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924667$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925454$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925486$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925902$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB926255$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB926436$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927779$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927802$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927891$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB928090$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB928255$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB928843$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929123$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929338$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929969$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB930178$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB930916$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931261$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931768$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931784$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931836$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB932168$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB933566$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB935839$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB935840$\SPUNINST\SPUNINST.EXE
C:\HP\KBD\KBD.EXE
KBD : C:\HP\KBD\KBD.EXE
KBD : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KBD
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LSETUP.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Shockwave Installer : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
FireFox : C:\Program Files\Mozilla Firefox\uninstall\helper.exe
FireFox : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.4)
C:\WINDOWS\INF\MSNINST.INF
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights™ Kingmaker.exe
C:\WINDOWS\SYSTEM32\NVUGART.EXE
C:\WINDOWS\SYSTEM32\ASUNINST.EXE
C:\WINDOWS\system32\SETUPAPI.DLL
C:\WINDOWS\SYSTEM32\PS2.EXE
PS2 : C:\WINDOWS\SYSTEM32\PS2.EXE
PS2 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PS2
C:\Python22\Lib\site-packages\UnWisePW32.exe
C:\PYTHON22\UNWISE.EXE
C:\PROGRAM FILES\QUICKSFV\QSFVUNST.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\R1PUNINST.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\WINDOWS\system32\VTSETVGA.EXE
C:\WINDOWS\INF\SWFLASH.INF
C:\Program Files\interMute\SpamSubtract\UNWISE.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1
C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\MTSAXINSTALLER.EXE
C:\Program Files\VideoLAN\VLC\uninstall.exe
C:\WINDOWS\system32\VUINS32.DLL
C:\WINDOWS\system32\VTUNINST.EXE
C:\PROGRAM FILES\WINAMP\UNINSTWA.EXE
WinAmp media player : C:\PROGRAM FILES\WINAMP\UNINSTWA.EXE
WinAmp media player : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMSETSDK.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE
C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
C:\Program Files\WinRAR\uninstall.exe
WinRAR : C:\Program Files\WinRAR\uninstall.exe
WinRAR : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
C:\PROGRAM FILES\MICROSOFT WORKS SUITE 2000\SETUP\LAUNCHER.EXE
C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
C:\PROGRAM FILES\HP\DIGITAL IMAGING\{15B9DC72-73F9-4D99-9E28-848D66DA8D99}\SETUP\HPZSCR01.EXE
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\SETUP.EXE
C:\PROGRAM FILES\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\SETUP\HPZSCR01.EXE
C:\NeverwinterNights\NWN\unins000.exe
C:\PROGRAM FILES\DIVX\DIVXCODECUNINSTALL.EXE
C:\WINDOWS\SYSTEM32\IALMREM.DLL
C:\PROGRAM FILES\DIVX\DIVXPLAYERUNINSTALL.EXE
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{98E8A2EF-4EAE-43B8-A172-74842B764777}\SETUP.EXE
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
C:\PROGRAM FILES\HP\DIGITAL IMAGING\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\SETUP\HPZSCR01.EXE
Start Menu Scanning
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
SynchronizationManager : C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Synchronize.lnk
Explorer : C:\WINDOWS\explorer.exe
Explorer : C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Windows Explorer.lnk
WinAmp media player : C:\Program Files\Winamp\UninstWA.exe
WinAmp media player : C:\Documents and Settings\Owner\Start Menu\Programs\Winamp\Uninstall Winamp.lnk
WinAmp media player : C:\Program Files\Winamp\winamp.exe
WinAmp media player : C:\Documents and Settings\Owner\Start Menu\Programs\Winamp\Winamp.lnk
WinRAR : C:\Program Files\WinRAR\WinRAR.exe
WinRAR : C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR\WinRAR.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
iTunes : C:\Program Files\iTunes\iTunes.exe
iTunes : C:\Documents and Settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk
StartWingMan : C:\Program Files\Logitech\Profiler\LWEmon.exe
StartWingMan : C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Gaming Software\Launch Logitech Gaming Software.lnk
FireFox : C:\Program Files\Mozilla Firefox\firefox.exe
FireFox : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
FireFox : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
MessengerService : C:\Program Files\Messenger\msmsgs.exe
MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Online Services\Windows Messenger.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Spyware Terminator.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Inoinstaller : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Uninstall Spyware Terminator.lnk
MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
WinRAR : C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR\WinRAR.lnk
Desktop Scanning
Favorites Scanning
Cookies Scanning
Affiliate tracking cookie : .ssl-hints.netflame.cc
Affiliate tracking cookie : shop.trendmicro.com
Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@hitbox[2].txt
Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@hitbox[3].txt
Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@mediaplex[1].txt
Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@questionmarket[2].txt
Registry Scanning
AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Crawler Toolbar : HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
MSDXM : HKCR\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}
MSDXM : C:\WINDOWS\system32\msdxm.ocx
Flashget : HKCU\Software\JetCar
SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Files Scanning
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\..\Application Data\Spyware Terminator\sp_rsdel.exe
Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
WinampAgent : C:\Program Files\Winamp\winampa.exe
MessengerService : C:\Program Files\Messenger\msmsgs.exe
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
IgfxTray : C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe
SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
iTunes : C:\Program Files\iTunes\iTunesHelper.exe
iTunes : C:\Program Files\iTunes\iTunes.exe
MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
PS2 : C:\WINDOWS\system32\ps2.exe
KBD : c:\HP\KBD\KBD.EXE
HPHmon : C:\WINDOWS\system32\hphmon05.exe
HPSysDrv : C:\WINDOWS\system\hpsysdrv.exe
MSMoney : C:\Program Files\Microsoft Money\System\mnyexpr.exe
UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
ALCXMNTR : C:\WINDOWS\ALCXMNTR.EXE
AOL Instant Messenger : C:\Program Files\AIM\aim.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Scan Summary:

Total Scanning Time : 4353.11 s
Objects Scanned : 96,879
Objects Identified : 142
Objects Ignored : 0

Critical Objects : 0

Remove Process:

Preparing structures
Remove Affiliate tracking cookie
Deleted File: C:\Documents and Settings\Owner\cookies\owner@hitbox[2].txt
Deleted File: C:\Documents and Settings\Owner\cookies\owner@hitbox[3].txt
Deleted File: C:\Documents and Settings\Owner\cookies\owner@mediaplex[1].txt
Deleted File: C:\Documents and Settings\Owner\cookies\owner@questionmarket[2].txt



and for the AVG Anti-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:41:51 PM 7/5/2007

+ Scan result:



C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0124261.dll -> Adware.Aws : Cleaned.
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0124493.dll -> Adware.TTC : Cleaned.
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\backup-20070704-165331-200.dll -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP661\A0124621.dll -> Adware.TTC : Cleaned.
C:\WINDOWS\system32\W2\mwspasrt83122.exe -> Adware.TTC : Cleaned.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP661\A0124619.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-meevee.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.


::Report end



Interesting thing is that after running these scans, everything seems to be in working order (I don't get the Spyware Terminator message before my desktop appears). Is there anything else I should be looking for?

#8 nasdaq

Posted 06 July 2007 - 06:33 AM

The error from Spyware Terminator was probably a false positive. Some remnant items in the registry that were cleaned with my last fix.

Let me know if the problem returns.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 nnurdic

Posted 06 July 2007 - 09:23 AM

I'll let you know if anything happens. I really appreciate the help. Thank you.

#10 nasdaq

Posted 07 July 2007 - 05:50 AM

The topic should be closed in 10 days.
nasdaq


#11 nasdaq

Posted 19 July 2007 - 08:44 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




