nnurdic

Recurring Trojans

11 posts in this topic

Hi. I'm currently having problems with recurring Trojan adclickers, ErrorSafe, and WinFixer (according to my Symantec Auto-Protect) every time I start up my computer. My Auto-Protect says it deletes them, but it does so every time I have to start up. I also get pop-ups every time I open Explorer or Firefox. One particular pop-up is one of WinAntiVirus Pro 2007. At about 75% of my Kaspersky online scan, I get a problem message from Internet Explorer saying "The following add-on (mesow83122.dll) was running when this problem occured".

 

Here are my scan logs:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 6:14:17 PM 6/28/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124261.dll -> Adware.Aws : No action taken.

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124259.exe -> Downloader.Agent.bls : No action taken.

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124260.exe -> Dropper.Agent.bfr : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.

:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Burstnet : No action taken.

:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Com : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt -> TrackingCookie.Goclick : No action taken.

:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.

:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Netflame : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : No action taken.

:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.

:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.

:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.

:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Realmedia : No action taken.

:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Reliablestats : No action taken.

C:\Documents and Settings\LocalService\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.

:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Specificclick : No action taken.

:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Specificclick : No action taken.

C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.

:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Webtrends : No action taken.

:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

 

 

::Report end

 

 

and the Kaspersky online scan:

 

 

KASPERSKY ONLINE SCANNER REPORT

Thursday, June 28, 2007 6:12:54 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 28/06/2007

Kaspersky Anti-Virus database records: 355124

Scan Settings

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target: My Computer (A:\, C:\, D:\, E:\, F:\, G:\, H:\, I:\, J:\, K:\)

Scan Statistics

Total number of scanned objects: 84995

Number of viruses found: 19

Number of infected objects: 79

Number of suspicious objects: 0

Duration of the scan process: 02:58:07

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200001\46A3B463.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200002\46A3B4F3.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80000\4DF92656.VBN Infected: Trojan.Java.ClassLoader.z skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80001\4DF926C2.VBN Infected: Trojan.Java.ClassLoader.ak skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80002\4DF92733.VBN Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80003\4DF927B2.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80004\4DF92828.VBN Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80006\4DF92880.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80007\4DF92895.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80008\4DF928A8.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80009\4DF928C0.VBN Infected: Trojan-Downloader.Win32.Small.btj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000A\4DF928D1.VBN Infected: Trojan-Downloader.Win32.Small.bmk skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000C\4DF928F6.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000D\4DF92909.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000E\4DF9291C.VBN Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D8000F\4DF9292F.VBN Infected: Trojan-Downloader.Win32.Small.btj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D80010\4DF92940.VBN Infected: Trojan-Downloader.Win32.Small.bmk skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000\4ECE7DB2.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001\4ECE7F0B.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40000\4EF6B7AB.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40001\4EF6B7F7.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF40002\4EF6B8A9.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0000\4EFE7FEF.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0001\4EFE8025.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0002\4EFE8234.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0003\4EFEA446.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0004\4EFEA4B1.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0005.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0006\4EFEE17B.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AFC0007\4EFEE1AC.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4FC6DD57.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4FC6DE23.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002\4FC6DEB7.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4FF2F727.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700001\4FF2F79E.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700002\4FF2F7C9.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80000\4FAB019D.VBN Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80001\4FAB01A5.VBN Infected: Trojan.Win32.Agent.anr skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C100000\4E93F63C.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140000\4E953B16.VBN Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4E953B27.VBN Infected: Rootkit.Win32.Agent.eq skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002\4E953B38.VBN Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140005.VBN Infected: Trojan.Win32.Agent.apt skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000000\4F813E05.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000001\4F8149EE.VBN Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D000002\4F815A91.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000\4F9DB068.VBN Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/Worker.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN ZIP: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002.VBN CryptZ: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/NudeBox.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/Worker.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/javautil.zip Infected: Trojan-Downloader.Win32.Small.btj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN ZIP: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003.VBN CryptZ: infected - 5 skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\history.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\parent.lock Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\search.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.r61\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.r61\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007062820070629\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_b08.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Owner\My Documents\Carmine\Installations\BSINSTALL.exe WiseSFX Dropper: infected - 3 skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0170NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0579NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651\A0124259.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP654\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\W3\626wr.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

 

finally the HiJackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:18:05 PM, on 6/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AIM+\AIM+.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

C:\Program Files\Internet Explorer\iedw.exe

C:\WINDOWS\system32\dwwin.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

 

note: this is an edit to a topic I made after reading the FAQ.

Edited by nnurdic


Hi,

 

Please rename HijackThis.exe to Myfix.exe, run it, and submit a fresh HijackThis log for my review.

 

Let me know what problems persist.


When I open Mozilla Firefox, my AVG Anti-Spyware is detecting a file named "Hijacker.small.jf" in C:/WINDOWS/acdt-pid67N.exe and I get a message titled "Windows Script Host" that says the following:

 

Windows Script Host

script: C:/Program files/func.jr

line: 76

char: 1

error: the system cannot find the file specified

code: 80070002

source: (null)

 

My auto protect is still detecting the trojan adclicker under the file name "func.exe", but not the others that I mentioned before. I still get popups when I open Internet Explorer only.

 

Here's my hijackthis log after renaming the exe to Myfix.exe:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:27:50 AM, on 7/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AIM+\AIM+.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

C:\Program Files\Internet Explorer\iedw.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Real\RealOne Player\RealPlay.exe

C:\Program Files\Real\RealOne Player\RealPlay.exe

C:\PROGRA~1\SPYWAR~2\SPYWAR~1.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis\Myfix.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lgpihexx.dll

O2 - BHO: (no name) - {2ECD4967-28EF-4DC5-96DA-7F3487835DD0} - C:\Program Files\Windows Media Player\mesow83122.dll

O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please download Atribune's VundoFix.exe from this site:

http://www.atribune.org/ccount/click.php?id=4 and place it on your desktop.

 

Double-click VundoFix.exe to run it.

 

Click the Scan for Vundo button.

 

Once it's done scanning, click the Remove Vundo button.

 

You will receive a prompt asking if you want to remove the files,

click YES

 

Once you click yes, your desktop will go blank as it starts removing

Vundo.

 

When completed, it will prompt that it will reboot your computer,

click OK.

 

=*=

 

Disable AVG Anti-Spyware (formerly ewido):

Please disable AVG Anti-Spyware, as it may interfere with the fix.

  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

Once your log is clean you can re-enable Ewido.

 

Please set your system to show all files;

To delete the files/folders in the next steps, you may need to show hidden Files/Folders: How to.

At the end of the fix you can return the files to hidden status if you want.

 

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lgpihexx.dll

O2 - BHO: (no name) - {2ECD4967-28EF-4DC5-96DA-7F3487835DD0} - C:\Program Files\Windows Media Player\mesow83122.dll

O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll

O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete these files/Folders in bold if found.

 

Files

C:\WINDOWS\system32\lgpihexx.dll

C:\Program Files\Windows Media Player\mesow83122.dll

C:\WINDOWS\system32\ddcyx.dll

 

Folders

C:\PROGRA~1\Crawler\

C:\PROGRA~1\FlashGet\

 

Restart the computer to reset the registry.

 

=*=

 

Enable AVG Anti-Spyware (formerly ewido):

 

Your current version of JAVA may be outdated and vulnerable to this type of infection, please update.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

=*=

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

 

Let me know what problem persists.

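An added example, not part of the original posts and not HijackThis code: a Python triage pass over HijackThis log lines of the kind posted in this thread. It lists entries that appear only in the later log and flags entries that are unnamed, point to a missing file, or register the same DLL as both a BHO (O2) and a Winlogon Notify package (O20). The function names and the three heuristics are assumptions of this example, and the sample logs are a constructed subset of lines copied from the thread.

```python
import re
from collections import defaultdict

# Constructed samples: a few lines copied from the first and second HijackThis
# logs in this thread (before and after the scanner was renamed).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# The later log repeats the earlier entries and adds O2 / O20 lines.
LOG_AFTER = LOG_BEFORE + r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A16F24F1-803F-4158-B8AB-6620343AA74C} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: wincr - C:\WINDOWS\ServicePackFiles\wincr.dll (file missing)
"""

# "R1 - ...", "O2 - ...", "O20 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .dll or .exe inside an entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def new_entries(before, after):
    """Entries present in the later log but absent from the earlier one."""
    seen = set(before)
    return [entry for entry in after if entry not in seen]


def target_path(body):
    """Lower-cased file path the entry points at, or None if it has none."""
    match = PATH_RE.search(body)
    return match.group(0).lower() if match else None


def triage(entries):
    """Flag entries worth reading first; heuristics are this example's own."""
    paths_by_section = defaultdict(set)
    for section, body in entries:
        path = target_path(body)
        if path:
            paths_by_section[section].add(path)
    # A DLL loaded into both the browser (O2) and winlogon.exe (O20).
    shared = paths_by_section["O2"] & paths_by_section["O20"]

    findings = []
    for section, body in entries:
        reasons = []
        if "(no name)" in body:
            reasons.append("unnamed")
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("target missing")
        if section in ("O2", "O20") and target_path(body) in shared:
            reasons.append("DLL registered as BHO and Winlogon Notify")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    print("Only in the later log:")
    for section, body in new_entries(before, after):
        print(f"  {section} - {body}")
    print("Flagged for review:")
    for section, body, reasons in triage(after):
        print(f"  {section} - {body}  [{', '.join(reasons)}]")
```

The flags only order what to read first; they do not reproduce the helper's list above, which also includes named entries such as the Crawler toolbar.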

There are no problems when opening firefox and internet explorer now. The auto-protect no longer goes off and alerts me of any risks. The only thing I'm concerned about now is that every time I boot up my computer, before coming to the desktop, I get a message that says my Spyware Terminator is deleting 1 file, but says that it was not able to.

 

Here are the logs you asked for:

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

 

Scan started at 4:37:19 PM 7/4/2007

 

Listing files found while scanning....

 

C:\windows\system32\auuknqas.ini

C:\WINDOWS\system32\ddcyx.dll

C:\windows\system32\eugntsqq.dll

C:\windows\system32\hedjquun.ini

C:\windows\system32\hrgaplrl.ini

C:\windows\system32\ijufqnit.ini

C:\WINDOWS\system32\lgpihexx.dll

C:\windows\system32\lrlpagrh.dll

C:\windows\system32\nuuqjdeh.dll

C:\windows\system32\oqutltjr.ini

C:\windows\system32\qqstngue.ini

C:\windows\system32\rjtltuqo.dll

C:\windows\system32\saqnkuua.dll

C:\windows\system32\tinqfuji.dll

C:\windows\system32\xycdd.bak1

C:\windows\system32\xycdd.ini

C:\windows\system32\xycdd.tmp

 

Beginning removal...

 

Attempting to delete C:\windows\system32\auuknqas.ini

C:\windows\system32\auuknqas.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ddcyx.dll

C:\WINDOWS\system32\ddcyx.dll Has been deleted!

 

Attempting to delete C:\windows\system32\eugntsqq.dll

C:\windows\system32\eugntsqq.dll Has been deleted!

 

Attempting to delete C:\windows\system32\hedjquun.ini

C:\windows\system32\hedjquun.ini Has been deleted!

 

Attempting to delete C:\windows\system32\hrgaplrl.ini

C:\windows\system32\hrgaplrl.ini Has been deleted!

 

Attempting to delete C:\windows\system32\ijufqnit.ini

C:\windows\system32\ijufqnit.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\lgpihexx.dll

C:\WINDOWS\system32\lgpihexx.dll Has been deleted!

 

Attempting to delete C:\windows\system32\lrlpagrh.dll

C:\windows\system32\lrlpagrh.dll Has been deleted!

 

Attempting to delete C:\windows\system32\nuuqjdeh.dll

C:\windows\system32\nuuqjdeh.dll Has been deleted!

 

Attempting to delete C:\windows\system32\oqutltjr.ini

C:\windows\system32\oqutltjr.ini Has been deleted!

 

Attempting to delete C:\windows\system32\qqstngue.ini

C:\windows\system32\qqstngue.ini Has been deleted!

 

Attempting to delete C:\windows\system32\rjtltuqo.dll

C:\windows\system32\rjtltuqo.dll Has been deleted!

 

Attempting to delete C:\windows\system32\saqnkuua.dll

C:\windows\system32\saqnkuua.dll Has been deleted!

 

Attempting to delete C:\windows\system32\tinqfuji.dll

C:\windows\system32\tinqfuji.dll Has been deleted!

 

Attempting to delete C:\windows\system32\xycdd.bak1

C:\windows\system32\xycdd.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\xycdd.ini

C:\windows\system32\xycdd.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

Here's the DrWeb report

 

backup-20070704-165331-200.dll;C:\Documents and Settings\Owner\Desktop\HiJackThis\backups;Adware.Websearch;Incurable.Moved.;

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;

WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;

A0124237.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP649;Trojan.Virtumod;Deleted.;

A0124259.exe;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Trojan.DownLoader.24772;Deleted.;

A0124260.exe;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Trojan.MulDrop.6135;Deleted.;

A0124261.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP651;Adware.Aws;Incurable.Moved.;

A0124471.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124472.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124476.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Juan;Deleted.;

A0124477.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124478.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124481.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124482.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124483.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Trojan.Virtumod;Deleted.;

A0124493.dll;C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP658;Adware.Websearch;Incurable.Moved.;

ddcyx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

eugntsqq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

lgpihexx.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;

lrlpagrh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

nuuqjdeh.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

rjtltuqo.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

saqnkuua.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

tinqfuji.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

tsbwsspc.exe;C:\WINDOWS\system32;Trojan.Click.2799;Deleted.;

626wr.exe;C:\WINDOWS\system32\W3;Trojan.DownLoader.25802;Deleted.;

 

 

 

 

Finally the HiJackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:12:30 PM, on 7/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\AIM+\AIM+.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\interMute\SpamSubtract\SpamSub.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis\Myfix.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2DF86FD7-491E-4AB8-9D2C-39874AACB6F7} - C:\WINDOWS\system32\ddcyx.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Disable AVG Anti-Spyware (formerly ewido):

 

Please disable AVG Anti-Spyware, as it may interfere with the fix.

  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an ‘S’ in the system tray.
  • In the Resident Shield section, toggle the AVG Anti-Spyware active protection ‘off’ by clicking Change state which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to Restart the Resident Shield.
  • Reply ‘no’ and set it to ‘inactive’ for the duration of your cleanup.

 

Once your log is clean you can re-enable Ewido.

 

Close all programs, leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {2DF86FD7-491E-4AB8-9D2C-39874AACB6F7} - C:\WINDOWS\system32\ddcyx.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally.

 

If you are still seeing a message from Spyware Terminator, let me know the name of the file.

 

I suspect that you still have some remnant items in the registry.


No information about the file that my Spyware Terminator was trying to delete is given. I ran the Spyware Terminator program and then the AVG Anti-Spyware program to see if I could find anything. Here are the reports for them:

 

 

Scan Progress (Full Scan)

Start time: 7/5/2007 10:08:25 AM

Database: 1.0.837.593

 

Processes Scanning

PowerProfile : c:\windows\system32\POWRPROF.dll

Explorer : C:\WINDOWS\Explorer.EXE

Shdocvw : C:\WINDOWS\system32\SHDOCVW.dll

ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe

KBD : C:\HP\KBD\KBD.EXE

UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

VTTimer : VTTimer.exe

VTTimer : C:\WINDOWS\system32\VTTimer.exe

iTunes : C:\Program Files\iTunes\iTunesHelper.exe

QuickTimeTask : C:\Program Files\QuickTime\qttask.exe

SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe

SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe

SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

AOL Instant Messenger : C:\Program Files\AIM\aim.exe

Ctfmon : C:\WINDOWS\system32\ctfmon.exe

Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe

Startup Scanning

AIM : C:\PROGRAM FILES\AIM+\AIM+.EXE

Creative Detector : C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE

Ctfmon : C:\WINDOWS\system32\ctfmon.exe

Ctfmon : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe

RealSched : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

RealSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TkBellExe

HPHUPD05 : c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

KBD : C:\HP\KBD\KBD.EXE

KBD : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KBD

UpdateManager : C:\PROGRAM FILES\COMMON FILES\SONIC\UPDATE MANAGER\SGTRAY.EXE

UpdateManager : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateManager

VTTimer : C:\WINDOWS\system32\VTTimer.exe

LTMSG : C:\WINDOWS\LTMSG.EXE

iTunes : C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE

iTunes : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run iTunesHelper

QuickTimeTask : C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE

QuickTimeTask : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuickTime Task

SymantecAntivirus : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp

SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe

SymantecAntivirus : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run vptray

!AVG Anti-Spyware : C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

SunJavaUpdateSched : C:\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE

SunJavaUpdateSched : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched

Explorer : C:\WINDOWS\Explorer.exe

Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell

Toolbars Scanning

YahooToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF99BD32-C1FB-11D2-892F-0090271D4F88}

YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Shdocvw : C:\WINDOWS\System32\shdocvw.dll

Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

Shdocvw : HKCR\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}

Shdocvw : explorer.exe PID: 1516

Shdocvw : avgas.exe PID: 1180

Shdocvw : SpywareTerminator.exe PID: 3952

Browser Helper Objects Scanning

YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}

AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

IE Explorer Bars

IE Extensions

Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll

Services Scanning

Unreadable Binary Files : C:\WINDOWS\System32\DRIVERS\atapi.sys

Unreadable Binary Files : HKLM\SYSTEM\CurrentControlSet\Services\atapi

ccEvtMgr : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

ccEvtMgr : HKLM\SYSTEM\CurrentControlSet\Services\ccEvtMgr

Spyware Terminator : C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYWARE TERMINATOR\FILEOBJINFO.SYS

Spyware Terminator : HKLM\SYSTEM\CurrentControlSet\Services\FileObjInfo

Protocol filters Scanning

Protocol handlers Scanning

WinSock2 Scanning

Uninstallers Scanning

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\05E21449-3BA3-42BF-BBDA-95205F4EA40A\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\2FDCC229-354D-4279-ABEF-CE17E355BFFA\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\75528D5F-DD82-402E-BA7C-045B7DC6A712\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\8A225900-C06D-41DD-B66C-43840D472758\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\UNINSTALL.EXE

C:\WINDOWS\ISUNINST.EXE

C:\PROGRAM FILES\AIM+\UNINST.EXE

C:\PROGRAM FILES\AIM\UNINSTLL.EXE

C:\PROGRAM FILES\AUDIBLE\BIN\UPGRADE.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

C:\WINDOWS\BWUNIN-6.2.3.66L.EXE

C:\WINDOWS\bnetunin.exe

C:\Program Files\BitTornado\uninst.exe

C:\PROGRAM FILES\BITTORRENT\UNINSTALL.EXE

C:\PROGRAM FILES\WEBTEH\BSPLAYER\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\C679AA5F-C2C8-4EA8-9CD1-504A39AEC264\UNINSTALL.EXE

C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

C:\NEVERWINTERNIGHTS\NWN\UNINS001.EXE

Inoinstaller : C:\NEVERWINTERNIGHTS\NWN\UNINS001.EXE

Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CEP v1.52_is1

C:\Program Files\Compaq Instant Support\UNWISE.EXE

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst

C:\WINDOWS\diabunin.exe

C:\PROGRAM FILES\WINAMP\EMUSIC\UNINST-EMUSIC-PROMOTION.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\F07504C6-20C5-4BFE-83A0-523FB2455E72\UNINSTALL.EXE

C:\PROGRAM FILES\WILDTANGENT\APPS\GAMECHANNEL\GAMES\FA7F5211-C629-4711-BD82-7DFFB08CB518\UNINSTALL.EXE

C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe \uninstall

C:\PROGRAM FILES\HP\DIGITAL IMAGING\UNINSTALL\HPZSCR01.EXE

C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe

C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE

C:\Program Files\InterActual\InterActual Player\inuninst.exe

C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

C:\WINDOWS\$NTUNINSTALLKB883939$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

C:\WINDOWS\$NTUNINSTALLKB890046$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

C:\WINDOWS\$NTUNINSTALLKB890859$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB890923$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

C:\WINDOWS\$NTUNINSTALLKB893066$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB893086$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$MSI31UNINSTALL_KB893803$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$MSI31UNINSTALL_KB893803V2$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB894391$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896358$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896422$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896428$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896688$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB896727$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB898458$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB898461$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB899587$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB899588$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB900485$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB900725$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB901190$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB901214$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB902400$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB903235$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB904706$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB905414$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB905749$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB905915$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB908519$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB910437$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911565$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911567$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB912812$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB912919$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB916281$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB916595$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB917422$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB917734_WMP10$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB918118$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB918439$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB918899$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB919007$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920213$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920214$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920670$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920683$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920685$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB920872$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB921398$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB921883$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB922582$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB922616$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB922760$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB922819$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923191$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923414$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923689$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923694$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923723$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB923980$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB924191$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB924270$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB924496$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB924667$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB925454$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB925486$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB925902$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB926255$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB926436$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB927779$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB927802$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB927891$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB928090$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB928255$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB928843$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB929123$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB929338$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB929969$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB930178$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB930916$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB931261$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB931768$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB931784$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB931836$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB932168$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB933566$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB935839$\SPUNINST\SPUNINST.EXE

C:\WINDOWS\$NTUNINSTALLKB935840$\SPUNINST\SPUNINST.EXE

C:\HP\KBD\KBD.EXE

KBD : C:\HP\KBD\KBD.EXE

KBD : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KBD

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LSETUP.EXE

C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE

Shockwave Installer : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

FireFox : C:\Program Files\Mozilla Firefox\uninstall\helper.exe

FireFox : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.4)

C:\WINDOWS\INF\MSNINST.INF

C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights Kingmaker.exe

C:\WINDOWS\SYSTEM32\NVUGART.EXE

C:\WINDOWS\SYSTEM32\ASUNINST.EXE

C:\WINDOWS\system32\SETUPAPI.DLL

C:\WINDOWS\SYSTEM32\PS2.EXE

PS2 : C:\WINDOWS\SYSTEM32\PS2.EXE

PS2 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PS2

C:\Python22\Lib\site-packages\UnWisePW32.exe

C:\PYTHON22\UNWISE.EXE

C:\PROGRAM FILES\QUICKSFV\QSFVUNST.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\R1PUNINST.EXE

C:\WINDOWS\SYSTEM32\MSIEXEC.EXE

C:\WINDOWS\system32\VTSETVGA.EXE

C:\WINDOWS\INF\SWFLASH.INF

C:\Program Files\interMute\SpamSubtract\UNWISE.EXE

C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE

Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE

Inoinstaller : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE

Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1

Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1

C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE

Inoinstaller : C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE

Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\MTSAXINSTALLER.EXE

C:\Program Files\VideoLAN\VLC\uninstall.exe

C:\WINDOWS\system32\VUINS32.DLL

C:\WINDOWS\system32\VTUNINST.EXE

C:\PROGRAM FILES\WINAMP\UNINSTWA.EXE

WinAmp media player : C:\PROGRAM FILES\WINAMP\UNINSTWA.EXE

WinAmp media player : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMSETSDK.EXE

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE

C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

C:\Program Files\WinRAR\uninstall.exe

WinRAR : C:\Program Files\WinRAR\uninstall.exe

WinRAR : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

C:\PROGRAM FILES\MICROSOFT WORKS SUITE 2000\SETUP\LAUNCHER.EXE

C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

C:\PROGRAM FILES\HP\DIGITAL IMAGING\{15B9DC72-73F9-4D99-9E28-848D66DA8D99}\SETUP\HPZSCR01.EXE

C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\SETUP.EXE

C:\PROGRAM FILES\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\SETUP\HPZSCR01.EXE

C:\NeverwinterNights\NWN\unins000.exe

C:\PROGRAM FILES\DIVX\DIVXCODECUNINSTALL.EXE

C:\WINDOWS\SYSTEM32\IALMREM.DLL

C:\PROGRAM FILES\DIVX\DIVXPLAYERUNINSTALL.EXE

C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{98E8A2EF-4EAE-43B8-A172-74842B764777}\SETUP.EXE

C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

C:\PROGRAM FILES\HP\DIGITAL IMAGING\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\SETUP\HPZSCR01.EXE

Start Menu Scanning

SynchronizationManager : C:\WINDOWS\system32\mobsync.exe

SynchronizationManager : C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Synchronize.lnk

Explorer : C:\WINDOWS\explorer.exe

Explorer : C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Windows Explorer.lnk

WinAmp media player : C:\Program Files\Winamp\UninstWA.exe

WinAmp media player : C:\Documents and Settings\Owner\Start Menu\Programs\Winamp\Uninstall Winamp.lnk

WinAmp media player : C:\Program Files\Winamp\winamp.exe

WinAmp media player : C:\Documents and Settings\Owner\Start Menu\Programs\Winamp\Winamp.lnk

WinRAR : C:\Program Files\WinRAR\WinRAR.exe

WinRAR : C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR\WinRAR.lnk

Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk

Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk

iTunes : C:\Program Files\iTunes\iTunes.exe

iTunes : C:\Documents and Settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk

StartWingMan : C:\Program Files\Logitech\Profiler\LWEmon.exe

StartWingMan : C:\Documents and Settings\All Users\Start Menu\Programs\Logitech\Gaming Software\Launch Logitech Gaming Software.lnk

FireFox : C:\Program Files\Mozilla Firefox\firefox.exe

FireFox : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk

FireFox : C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk

MessengerService : C:\Program Files\Messenger\msmsgs.exe

MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Online Services\Windows Messenger.lnk

Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe

Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Spyware Terminator.lnk

Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe

Inoinstaller : C:\Program Files\Spyware Terminator\unins000.exe

Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Uninstall Spyware Terminator.lnk

MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

WinRAR : C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR\WinRAR.lnk

Desktop Scanning

Favorites Scanning

Cookies Scanning

Affiliate tracking cookie : .ssl-hints.netflame.cc

Affiliate tracking cookie : shop.trendmicro.com

Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@hitbox[2].txt

Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@hitbox[3].txt

Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@mediaplex[1].txt

Affiliate tracking cookie : C:\Documents and Settings\Owner\cookies\owner@questionmarket[2].txt

Registry Scanning

AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Crawler Toolbar : HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}

MSDXM : HKCR\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}

MSDXM : C:\WINDOWS\system32\msdxm.ocx

Flashget : HKCU\Software\JetCar

SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

Files Scanning

Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe

Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe

Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll

Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe

Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\..\Application Data\Spyware Terminator\sp_rsdel.exe

Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

WinampAgent : C:\Program Files\Winamp\winampa.exe

MessengerService : C:\Program Files\Messenger\msmsgs.exe

Ctfmon : C:\WINDOWS\system32\ctfmon.exe

YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

IgfxTray : C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe

SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe

SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe

SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

QuickTimeTask : C:\Program Files\QuickTime\qttask.exe

UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

iTunes : C:\Program Files\iTunes\iTunesHelper.exe

iTunes : C:\Program Files\iTunes\iTunes.exe

MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

PS2 : C:\WINDOWS\system32\ps2.exe

KBD : c:\HP\KBD\KBD.EXE

HPHmon : C:\WINDOWS\system32\hphmon05.exe

HPSysDrv : C:\WINDOWS\system\hpsysdrv.exe

MSMoney : C:\Program Files\Microsoft Money\System\mnyexpr.exe

UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

SynchronizationManager : C:\WINDOWS\system32\mobsync.exe

ALCXMNTR : C:\WINDOWS\ALCXMNTR.EXE

AOL Instant Messenger : C:\Program Files\AIM\aim.exe

MSDXM : C:\WINDOWS\system32\msdxm.ocx

RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe

ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

StillImageMonitor : C:\WINDOWS\system32\STIMON.EXE

MSIMED : C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

GrpConv : C:\WINDOWS\system32\grpconv.exe

Recguard : C:\WINDOWS\SMINST\RECGUARD.EXE

StartWingMan : C:\Program Files\Logitech\Profiler\lwemon.exe

MsgCenter : C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

Wextract : C:\WINDOWS\system32\advpack.dll

KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe

Explorer : C:\WINDOWS\explorer.exe

PowerProfile : C:\WINDOWS\system32\powrprof.dll

BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl

SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

Shdocvw : C:\WINDOWS\system32\shdocvw.dll

PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe

MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe

PHIME2002A : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

Verclsid : C:\WINDOWS\system32\verclsid.exe

Systray : C:\WINDOWS\system32\systray.exe

comctl32 : C:\WINDOWS\WinSxS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\comctl32.dll

Ie4uinit : C:\WINDOWS\system32\ie4uinit.exe

FireFox : C:\Program Files\MOZILLA FIREFOX\ACCESSIBLEMARSHAL.DLL

FireFox : C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE

FireFox : C:\Program Files\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE

Shockwave Installer : C:\WINDOWS\system32\MACROMED\COMMON\SWSUPPORT.DLL

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll

Shockwave Installer : C:\WINDOWS\system32\MACROMED\SHOCKWAVE 10\DYNAPLAYER.DLL

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE

Shockwave Installer : C:\WINDOWS\system32\MACROMED\DIRECTOR\SWDIR.DLL

WinAmp media player : C:\WINDOWS\system32\WMVADVD.DLL

WinAmp media player : C:\WINDOWS\system32\WMVADVE.DLL

WinAmp media player : C:\WINDOWS\system32\WMDRMNET.DLL

WinAmp media player : C:\WINDOWS\system32\WMDRMDEV.DLL

WinAmp media player : C:\WINDOWS\system32\WPDSP.DLL

WinAmp media player : C:\WINDOWS\system32\WPDCONNS.DLL

WinAmp media player : C:\WINDOWS\system32\WPDMTP.DLL

WinAmp media player : C:\WINDOWS\system32\WPDMTPUS.DLL

WinAmp media player : C:\WINDOWS\system32\PXHPINST.EXE

WinAmp media player : C:\Program Files\WINAMP\PLUGINS\CDDBCONTROLWINAMP.DLL

WinAmp media player : C:\Program Files\WINAMP\PLUGINS\CDDBUIWINAMP.DLL

WinAmp media player : C:\Program Files\WINAMP\WINAMP.EXE

WinAmp media player : C:\Program Files\WINAMP\UNINSTWA.EXE

WinRAR : C:\Program Files\WINRAR\WINRAR.EXE

WinRAR : C:\Program Files\WINRAR\UNINSTALL.EXE

Preparing DeepFile Scan

DeepFiles Scanning

Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

KBD : C:\hp\KBD\kbd.exe

Inoinstaller : C:\NeverwinterNights\NWN\unins001.exe

UpdateMgr : C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

AOL Instant Messenger : C:\Program Files\AIM\aim.exe

MsgCenter : C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

RealSched : C:\Program Files\Common Files\Real\Update_OB\realsched.exe

UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

SymantecAntivirus : C:\Program Files\Common Files\Symantec Shared\ccApp.exe

ccEvtMgr : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

iTunes : C:\Program Files\iTunes\iTunes.exe

iTunes : C:\Program Files\iTunes\iTunesHelper.exe

SunJavaUpdateSched : C:\Program Files\Java\jdk1.6.0_02\jre\bin\jusched.exe

SSJava : C:\Program Files\Java\jdk1.6.0_02\jre\bin\ssv.dll

SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

SSJava : C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

StartWingMan : C:\Program Files\Logitech\Profiler\LWEMon.exe

MessengerService : C:\Program Files\Messenger\msmsgs.exe

MSMoney : C:\Program Files\Microsoft Money\System\mnyexpr.exe

FireFox : C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll

FireFox : C:\Program Files\Mozilla Firefox\firefox.exe

FireFox : C:\Program Files\Mozilla Firefox\uninstall\helper.exe

QuickTimeTask : C:\Program Files\QuickTime\qttask.exe

Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll

Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe

Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe

Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe

Inoinstaller : C:\Program Files\Spyware Terminator\unins000.exe

Inoinstaller : C:\Program Files\SpywareBlaster\unins000.exe

SymantecAntivirus : C:\Program Files\Symantec AntiVirus\VPTray.exe

WinAmp media player : C:\Program Files\Winamp\Plugins\CDDBControlWinamp.dll

WinAmp media player : C:\Program Files\Winamp\Plugins\CDDBUIWinamp.dll

WinAmp media player : C:\Program Files\Winamp\UninstWA.exe

WinAmp media player : C:\Program Files\Winamp\winamp.exe

WinampAgent : C:\Program Files\Winamp\winampa.exe

WinRAR : C:\Program Files\WinRAR\Uninstall.exe

WinRAR : C:\Program Files\WinRAR\WinRAR.exe

YahooToolbar : C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll

ALCXMNTR : C:\WINDOWS\ALCXMNTR.EXE

Explorer : C:\WINDOWS\explorer.exe

MSIMED : C:\WINDOWS\ime\imjp8_1\imjpmig.exe

MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

Recguard : C:\WINDOWS\SMINST\Recguard.exe

HPSysDrv : C:\WINDOWS\system\hpsysdrv.exe

Wextract : C:\WINDOWS\system32\advpack.dll

BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl

Ctfmon : C:\WINDOWS\system32\ctfmon.exe

MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe

Systray : C:\WINDOWS\system32\dllcache\systray.exe

PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe

Unreadable Binary Files : C:\WINDOWS\system32\drivers\atapi.sys

KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe

GrpConv : C:\WINDOWS\system32\grpconv.exe

HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe

HPHmon : C:\WINDOWS\system32\hphmon05.exe

Ie4uinit : C:\WINDOWS\system32\ie4uinit.exe

IgfxTray : C:\WINDOWS\system32\igfxtray.exe

PHIME2002A : C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

Shockwave Installer : C:\WINDOWS\system32\Macromed\Common\SwSupport.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Director\SwDir.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll

Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE

SynchronizationManager : C:\WINDOWS\system32\mobsync.exe

MSDXM : C:\WINDOWS\system32\msdxm.ocx

PowerProfile : C:\WINDOWS\system32\powrprof.dll

PS2 : C:\WINDOWS\system32\ps2.EXE

WinAmp media player : C:\WINDOWS\system32\pxhpinst.exe

Shdocvw : C:\WINDOWS\system32\shdocvw.dll

StillImageMonitor : C:\WINDOWS\system32\stimon.exe

Systray : C:\WINDOWS\system32\systray.exe

Verclsid : C:\WINDOWS\system32\verclsid.exe

WinAmp media player : C:\WINDOWS\system32\WMDRMdev.dll

WinAmp media player : C:\WINDOWS\system32\WMDRMNet.dll

WinAmp media player : C:\WINDOWS\system32\wmvadvd.dll

WinAmp media player : C:\WINDOWS\system32\WMVADVE.DLL

WinAmp media player : C:\WINDOWS\system32\wpdconns.dll

WinAmp media player : C:\WINDOWS\system32\wpdmtp.dll

WinAmp media player : C:\WINDOWS\system32\wpdmtpus.dll

WinAmp media player : C:\WINDOWS\system32\wpdsp.dll

comctl32 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

Done

 

Scan Summary:

 

Total Scanning Time : 4353.11 s

Objects Scanned : 96,879

Objects Identified : 142

Objects Ignored : 0

 

Critical Objects : 0

 

Remove Process:

 

Preparing structures

Remove Affiliate tracking cookie

Deleted File: C:\Documents and Settings\Owner\cookies\owner@hitbox[2].txt

Deleted File: C:\Documents and Settings\Owner\cookies\owner@hitbox[3].txt

Deleted File: C:\Documents and Settings\Owner\cookies\owner@mediaplex[1].txt

Deleted File: C:\Documents and Settings\Owner\cookies\owner@questionmarket[2].txt

 

 

 

and for the AVG Anti-Spyware:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:41:51 PM 7/5/2007

 

+ Scan result:

 

 

 

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0124261.dll -> Adware.Aws : Cleaned.

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0124493.dll -> Adware.TTC : Cleaned.

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\backup-20070704-165331-200.dll -> Adware.TTC : Cleaned.

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP661\A0124621.dll -> Adware.TTC : Cleaned.

C:\WINDOWS\system32\W2\mwspasrt83122.exe -> Adware.TTC : Cleaned.

C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP661\A0124619.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).

C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@ehg-meevee.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\LocalService\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.

 

 

::Report end

 

 

 

Interesting thing is that after running these scans, everything seems to be in working order (I don't get the Spyware Terminator message before my desktop appears). Is there anything else I should be looking for?


The error from Spyware Terminator was probably a false positive. Some remnant items in the registry that were cleaned with my last fix.

 

Let me know if the problem returns.


The topic should be closed in 10 days.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.