
magicgroceries.net won't go away!

Discussion in 'Virus & Other Malware Removal' started by mamasa, Aug 11, 2006.

  1. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Has anyone had the magicgroceries.net popup? It comes up randomly, then keeps returning about every 2 or 3 minutes. Sometimes it brings up a popup from secure.com, which is an antivirus software. I am running Windows XP, and have Ad-Aware and SpywareBlaster both running.
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Hi, welcome to TSG.

    Download HijackThis from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click Scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click Fix on anything in HijackThis,
    as most of the files are legitimate.
     
  3. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Logfile of HijackThis v1.99.1
    Scan saved at 12:09:29 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll
    O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\sstqo.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [laltin] C:\WINDOWS\system32\L90112201.Stub.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.60/setup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
    O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149474397468
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://www.msishopper.net/Site/ICResources/ImageUploader3.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.11/g_bin_eng/mahjong_2_0_0_6.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v50/h2hpool/h2hpool.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F17E8454-5ED4-42CB-999B-7D53B795B271}: NameServer = 66.73.20.40 206.141.193.55
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\SYSTEM32\pmnnn.dll
    O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Mark Campbell\Desktop\Computer tools\CWShredder.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Download the Hoster from:

    www.funkytoad.com/download/hoster.zip

    UnZip the file and press "Restore Original Hosts" and press "OK". Exit
    Program.


    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.


    * Double-click VundoFix.exe to run it.
    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * In case it says that nothing has been found, right-click the list box (white box) in the main VundoFix window.
    * Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
    * In the Window: copy and paste next in the first field: C:\WINDOWS\system32\ssttt.dll
    * Copy and paste next in the second field: C:\WINDOWS\System32\tttss.*
    * Click the “Add Files” button.
    * Click the "Close Window" button.
    * Click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on.
    * A log will be created, C:\vundofix.txt which you will need to include in your next reply along with a new HijackThis log.

    Then repeat and do again but for this file!


    * Put a check next to Run VundoFix as a task.
    * You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * In case it says that nothing has been found, right-click the list box (white box) in the main VundoFix window.
    * Select “Add More Files?” from the menu that comes up. This will open a new VundoFix window.
    * In the Window: copy and paste next in the first field: C:\WINDOWS\system32\pmnnn.dll
    * Copy and paste next in the second field: C:\WINDOWS\System32\nnnmp.*
    * Click the “Add Files” button.
    * Click the "Close Window" button.
    * Click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will shutdown your computer, click OK.
    * Turn your computer back on.
    * A log will be created, C:\vundofix.txt which you will need to include in your next reply along with a new HijackThis log.


    Go here and download the latest version of Java. Once it has
    downloaded, go to Add/Remove and uninstall all previous versions of Java
    from Add/Remove, and then install the latest version you just downloaded!

    http://java.com/en/download/manual.jsp




    Download ewido!


    http://www.ewido.net/en/


    * Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
      o If you use Firefox:
        + Click Firefox at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      o If you use Opera:
        + Click Opera at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have HijackThis fix these entries. Close all browsers and programmes before
    clicking Fix.


    O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll
    O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\sstqo.dll
    O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegar...GameLoader.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite...0.60/setup.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Ref...GameLoader.cab
    O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...0_SILENT_2.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://www.msishopper.net/Site/ICRe...eUploader3.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.11/g_bin_eng/mahjong_2_0_0_6.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/...ol/h2hpool.cab
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\SYSTEM32\pmnnn.dll
    O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll



    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\Program Files\WinFixer_2006\uwfx6.exe
    C:\Program Files\WinFixer_2006
    C:\WINDOWS\system32\sstqo.dll



    Run Ewido!

    # IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    # Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    # Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    # Ewido will now begin the scanning process. Be patient this may take a little time.
    Once the scan is complete do the following:
    # If you have any infections you will prompted, then select "Apply all actions"
    # Next select the "Reports" icon at the top.
    # Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    # Close Ewido and reboot your system back into Normal Mode.



    Reboot to normal mode and run a few online scans!


    Make sure your ActiveX controls are set as follows:

    Go to Internet Options - Security - Internet, press 'default level', then OK.
    Now press "Custom Level."

    In the ActiveX section, set the first two options ('Download signed ActiveX
    controls' and 'Download unsigned ActiveX controls') to 'Prompt', and
    'Initialize and script ActiveX controls not marked as safe' to 'Disable'.


    Active X settings

    http://www.compu-docs.com/activex.htm



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!


    Post another HijackThis log, plus the Ewido, VundoFix and ActiveScan logs.
     
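As an added example (not code from the thread, from HijackThis or from VundoFix), here is a small Python triage script that applies the patterns the helper used in the post above to a HijackThis 1.99 log: O2/O3 registrations whose backing file is gone, DLLs that appear both as an O2 BHO and an O20 Winlogon Notify handler (together with the reversed-name companion file VundoFix was pointed at, ssttt.dll/tttss.* and pmnnn.dll/nnnmp.*), the WinFixer autorun and the Hosts override. The sample log is constructed from entries quoted in this thread; the function names and rule wording are my own, and the rules are heuristics, not a substitute for an analyst reading the log.

```python
"""Triage a HijackThis 1.99 log using the patterns the helper applied in this thread.

Added example, not part of the thread or of HijackThis. SAMPLE_LOG is constructed
from entries quoted in the thread; the rules below are heuristics only.
"""
import re

# One HijackThis entry: section code (R0/R1/O1..O23), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
# Rogue anti-spyware names present in this thread's log (WinFixer 2006).
ROGUE_NAMES = ("winfixer",)

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\SYSTEM32\pmnnn.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse(log_text):
    """Return [(code, body), ...] for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def dll_name(body):
    """Lower-case base name of the first .dll path in an entry body, or None."""
    m = DLL_RE.search(body)
    return m.group(1).lower() if m else None


def companion_name(name):
    """Vundo kept a copy under the reversed file name (ssttt -> tttss, pmnnn -> nnnmp),
    which is why the helper told VundoFix to remove 'tttss.*' alongside ssttt.dll."""
    return name[::-1]


def triage(log_text):
    """Return [(code, body, reason), ...] for entries matching the thread's fix patterns."""
    entries = parse(log_text)
    bho_dlls = {dll_name(b) for c, b in entries if c == "O2"} - {None}
    notify_dlls = {dll_name(b) for c, b in entries if c == "O20"} - {None}
    findings = []
    for code, body in entries:
        name = dll_name(body)
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, body, "orphaned registration: backing file is gone"))
        elif code == "O2" and name in notify_dlls:
            findings.append((code, body,
                             f"BHO also hooked as Winlogon Notify; look for companion {companion_name(name)}.*"))
        elif code == "O20" and name in bho_dlls:
            findings.append((code, body, "Winlogon Notify handler shared with a BHO"))
        elif code == "O4" and any(r in body.lower() for r in ROGUE_NAMES):
            findings.append((code, body, "autorun for a known rogue anti-spyware product"))
        elif code == "O1":
            findings.append((code, body, "Hosts file override; confirm the user wants it"))
    return findings


def fix_list(log_text):
    """Entry lines to hand back for HijackThis 'Fix checked', in log order."""
    return [f"{code} - {body}" for code, body, _ in triage(log_text)]


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}\n     {body}")
```

Legitimate entries in the sample (the Adobe and Spybot BHOs, the AVG autorun, the WgaLogon notify handler) are left alone; the sstqo.dll BHO the helper also removed would not be caught by these rules, which is why the log still needs a human reader.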
  5. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Here are the 2 newest HijackThis/VundoFix logs. I am working on the Java part now, and will post the rest when I get there. Thank you so much for your help!

    VundoFix V5.1.7

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Scan started at 12:38:06 PM 8/11/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\pmnnn.dll

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\SYSTEM32\pmnnn.dll
    C:\windows\SYSTEM32\pmnnn.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\ssttt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 1:07:42 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    c:\windows\system32\VundoFix.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll (file missing)
    O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\sstqo.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [laltin] C:\WINDOWS\system32\L90112201.Stub.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.60/setup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
    O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149474397468
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://www.msishopper.net/Site/ICResources/ImageUploader3.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.11/g_bin_eng/mahjong_2_0_0_6.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v50/h2hpool/h2hpool.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F17E8454-5ED4-42CB-999B-7D53B795B271}: NameServer = 66.73.20.40 206.141.193.55
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Mark Campbell\Desktop\Computer tools\CWShredder.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  6. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    VundoFix V5.1.7

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Scan started at 12:38:06 PM 8/11/2006

    Listing files found while scanning....

    C:\windows\SYSTEM32\pmnnn.dll

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\SYSTEM32\pmnnn.dll
    C:\windows\SYSTEM32\pmnnn.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    The process smss.exe was successfully stopped

    The process winlogon.exe was successfully stopped

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\ssttt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:50 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Mark Campbell\Desktop\mark\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll (file missing)
    O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\sstqo.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [laltin] C:\WINDOWS\system32\L90112201.Stub.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.60/setup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
    O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149474397468
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://www.msishopper.net/Site/ICResources/ImageUploader3.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.11/g_bin_eng/mahjong_2_0_0_6.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v50/h2hpool/h2hpool.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F17E8454-5ED4-42CB-999B-7D53B795B271}: NameServer = 66.73.20.40 206.141.193.55
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Mark Campbell\Desktop\Computer tools\CWShredder.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
  7. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Ok, post all the other logs when you're finished, especially the ewido and the Panda scan log. Take your time! ;)
     
  8. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:33:51 PM 8/11/2006

    + Scan result:

    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A1.tmp\zanu.exe -> Adware.180Solutions : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A1.tmp\zanuhook.dll -> Adware.180Solutions : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq263.tmp -> Adware.AdURL : No action taken.
    C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : No action taken.
    HKLM\SOFTWARE\motoin -> Adware.Delfin : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C3.tmp\LimeShop1.exe -> Adware.Rebates : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C6.tmp -> Adware.Sahat : No action taken.
    HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
    HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : No action taken.
    C:\Documents and Settings\Mark Campbell\Desktop\mark\unknown stuff\OregonTrail-dm.exe -> Adware.Trymedia : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0383662.dll -> Adware.Virtumonde : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1056\A0383663.dll -> Adware.Virtumonde : No action taken.
    C:\VundoFix Backups\pmnnn.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\SYSTEM32\mljjj.dll -> Adware.Virtumonde : No action taken.
    C:\WINDOWS\SYSTEM32\vtutt.dll -> Adware.Virtumonde : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : No action taken.
    HKU\S-1-5-21-777090120-4189329471-2812322237-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq117.tmp -> Downloader.Keenval.e : No action taken.
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq195.tmp -> TrackingCookie.247realmedia : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq261.tmp -> TrackingCookie.247realmedia : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11F.tmp -> TrackingCookie.2o7 : No action taken.

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D B . t m p - > T r a c k i n g C o o k i e . 2 o 7 : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 7 C . t m p - > T r a c k i n g C o o k i e . A d d y n a m i x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 2 6 . t m p - > T r a c k i n g C o o k i e . A d s e r v e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 9 . t m p - > T r a c k i n g C o o k i e . A d s e r v e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D E . t m p - > T r a c k i n g C o o k i e . A d t e c h : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 4 . t m p - > T r a c k i n g C o o k i e . A d v e r t i s i n g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D F . t m p - > T r a c k i n g C o o k i e . A d v e r t i s i n g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 9 1 . t m p - > T r a c k i n g C o o k i e . A d v e r t i s i n g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 9 A . t m p - > T r a c k i n g C o o k i e . A d v e r t i s i n g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D A . t m p - > T r a c k i n g C o o k i e . A t d m t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 6 8 2 . t m p - > T r a c k i n g C o o k i e . B f a s t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 F 3 . t m p - > T r a c k i n g C o o k i e . B l u e s t r e a k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 6 8 3 . t m p - > T r a c k i n g C o o k i e . B l u e s t r e a k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 7 B . t m p - > T r a c k i n g C o o k i e . B r i d g e t r a c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 6 8 4 . t m p - > T r a c k i n g C o o k i e . B r i d g e t r a c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 7 9 9 . t m p - > T r a c k i n g C o o k i e . B r i d g e t r a c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 F 4 . t m p - > T r a c k i n g C o o k i e . B u r s t n e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 9 C . t m p - > T r a c k i n g C o o k i e . B u r s t n e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 C C . t m p - > T r a c k i n g C o o k i e . C a s a l e m e d i a : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 D 1 . t m p - > T r a c k i n g C o o k i e . C a s a l e m e d i a : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 4 . t m p - > T r a c k i n g C o o k i e . C e n t r p o r t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 D 2 . t m p - > T r a c k i n g C o o k i e . C e n t r p o r t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 C D . t m p - > T r a c k i n g C o o k i e . C l i c k a g e n t s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q E . t m p - > T r a c k i n g C o o k i e . C l i c k a g e n t s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 6 6 . t m p - > T r a c k i n g C o o k i e . C l i c k b a n k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 7 E . t m p - > T r a c k i n g C o o k i e . C l i c k b a n k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 7 2 1 . t m p - > T r a c k i n g C o o k i e . C l i c k z s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 F 5 . t m p - > T r a c k i n g C o o k i e . C o m : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 9 A . t m p - > T r a c k i n g C o o k i e . C o m : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 7 E . t m p - > T r a c k i n g C o o k i e . C o m m i s s i o n - j u n c t i o n : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 2 3 . t m p - > T r a c k i n g C o o k i e . C o r e m e t r i c s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 2 1 . t m p - > T r a c k i n g C o o k i e . C o u n t e d : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 8 . t m p - > T r a c k i n g C o o k i e . D o u b l e c l i c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 8 7 . t m p - > T r a c k i n g C o o k i e . G o l d e n p a l a c e : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 0 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 1 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 3 F . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 C E . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 C F . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 5 A . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 D 3 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 D 4 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 6 3 5 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 7 A 4 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q A 3 A . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q A 3 B . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q C 1 . t m p - > T r a c k i n g C o o k i e . H i t b o x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 5 . t m p - > T r a c k i n g C o o k i e . H i t s l i n k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 7 9 A . t m p - > T r a c k i n g C o o k i e . H i t s l i n k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 7 D E . t m p - > T r a c k i n g C o o k i e . H i t s l i n k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 E 3 . t m p - > T r a c k i n g C o o k i e . H o t l o g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 2 A . t m p - > T r a c k i n g C o o k i e . H y p e r t r a c k e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 E 6 . t m p - > T r a c k i n g C o o k i e . L i n k s y n e r g y : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 1 . t m p - > T r a c k i n g C o o k i e . M e d i a p l e x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 9 F . t m p - > T r a c k i n g C o o k i e . M e d i a p l e x : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 7 . t m p - > T r a c k i n g C o o k i e . O n e s t a t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q F . t m p - > T r a c k i n g C o o k i e . P r o - m a r k e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 8 0 . t m p - > T r a c k i n g C o o k i e . Q k s r v : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 8 . t m p - > T r a c k i n g C o o k i e . Q u e s t i o n m a r k e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 C 9 . t m p - > T r a c k i n g C o o k i e . Q u e s t i o n m a r k e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 B 3 . t m p - > T r a c k i n g C o o k i e . R e a l t r a c k e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 5 B . t m p - > T r a c k i n g C o o k i e . R e a l t r a c k e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 5 . t m p - > T r a c k i n g C o o k i e . R e v e n u e : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 5 D . t m p - > T r a c k i n g C o o k i e . R e v e n u e : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 5 . t m p - > T r a c k i n g C o o k i e . R u 4 : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 2 3 . t m p - > T r a c k i n g C o o k i e . R u 4 : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 5 . t m p - > T r a c k i n g C o o k i e . S e r v i n g - s y s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 F 1 . t m p - > T r a c k i n g C o o k i e . S e r v i n g - s y s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 5 8 . t m p - > T r a c k i n g C o o k i e . S e r v i n g - s y s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 7 D . t m p - > T r a c k i n g C o o k i e . S e r v i n g - s y s : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 5 2 . t m p - > T r a c k i n g C o o k i e . S h o p a t h o m e s e l e c t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 3 0 . t m p - > T r a c k i n g C o o k i e . S p y l o g : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 8 . t m p - > T r a c k i n g C o o k i e . S t a t c o u n t e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 F 6 . t m p - > T r a c k i n g C o o k i e . S t a t c o u n t e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 9 B . t m p - > T r a c k i n g C o o k i e . T a c o d a : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 F 5 . t m p - > T r a c k i n g C o o k i e . T a c o d a : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 6 . t m p - > T r a c k i n g C o o k i e . T a r g e t n e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 9 2 . t m p - > T r a c k i n g C o o k i e . T a r g e t n e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 9 4 . t m p - > T r a c k i n g C o o k i e . T a r g e t n e t : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 1 F 2 . t m p - > T r a c k i n g C o o k i e . T r a d e d o u b l e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 D 7 . t m p - > T r a c k i n g C o o k i e . T r a f f i c m p : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 9 F . t m p - > T r a c k i n g C o o k i e . T r a f f i c m p : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 F . t m p - > T r a c k i n g C o o k i e . V a l u e a d : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 7 2 . t m p - > T r a c k i n g C o o k i e . V a l u e a d : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 1 2 5 . t m p - > T r a c k i n g C o o k i e . V a l u e c l i c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 3 0 . t m p - > T r a c k i n g C o o k i e . V a l u e c l i c k : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 1 . t m p - > T r a c k i n g C o o k i e . W e b t r e n d s l i v e : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 8 1 9 . t m p - > T r a c k i n g C o o k i e . W e b t r e n d s l i v e : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 2 6 4 . t m p - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 4 C 8 . t m p - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : N o a c t i o n t a k e n .

    C : \ P r o g r a m F i l e s \ Y a h o o ! \ Y P S R \ Q u a r a n t i n e \ p p q 5 D E . t m p - > T r a c k i n g C o o k i e . Y i e l d m a n a g e r : N o a c t i o n t a k e n .

    C : \ W I N D O W S \ p l a n d e . e x e - > T r o j a n . I m i s e r v . c : N o a c t i o n t a k e n .





    : : R e p o r t e n d
     
  9. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Incident Status Location

    Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
    Adware:adware/look2me Not disinfected c:\windows\system32\guard.tmp
    Adware:adware/powerscan Not disinfected c:\windows\system32\intrigue.dll
    Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
    Adware:adware/wintools Not disinfected c:\windows\hisistheurls.exe
    Adware:adware/exact.bargainbuddy Not disinfected c:\windows\launcher.exe
    Spyware:spyware/media-motor Not disinfected c:\windows\ubber60.ini
    Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\program files\common files\WinAntiVirus Pro 2006
    Adware:adware/cws Not disinfected C:\Documents and Settings\Mark Campbell\Favorites\Fun & Games
    Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Mark Campbell\Application Data\Lycos
    Adware:adware/savenow Not disinfected c:\documents and settings\all users\application data\nsv
    Spyware:spyware/clipgenie Not disinfected Windows Registry
    Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MyWay
    Spyware:spyware/virtumonde Not disinfected Windows Registry
    Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
    Adware:adware/transponder Not disinfected Windows Registry
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Adware:adware/novo Not disinfected Windows Registry
    Adware:adware/otx Not disinfected Windows Registry
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected]elnk[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mark Campbell\Cookies\mark [email protected][2].txt
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Mark Campbell\Local Settings\Temp\Zango\jadeshadow\Bidulator.exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll
    Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq122.tmp
    Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq124.tmp
    Spyware:Cookie/Peel Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
    Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq167.tmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
    Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CA.tmp
    Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CB.tmp
    Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D0.tmp
    Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D3.tmp
    Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp
    Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49D.tmp
    Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D0.tmp
    Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D5.tmp
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E6.tmp
    Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp
    Spyware:Cookie/YieldManager Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp
    Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp
    Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp
    Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5DB.tmp
    Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5EE.tmp
    Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp
    Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F8.tmp
    Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp
    Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp
    Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq661.tmp
    Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71B.tmp
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq720.tmp
     
  10. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq722.tmp
    Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq724.tmp
    Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E8.tmp
    Spyware:Cookie/Peel Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E9.tmp
    Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF76.tmp
    Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF77.tmp
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF79.tmp
    Adware:Adware/SidebySideSearch Not disinfected C:\sbss.exe[sbss.exe]
    Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\3AR332.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\3YRRGBA.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\aativeds.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\AJNePlayer.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\akmlib.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\BUOTVID.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\ioseng.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\ivseng.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\KFDHU1.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\lxcalsec.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\mdcories.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\mfiwave.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\MQENCODE.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\msdemui.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\mwc42u.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\oxexl32.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\pywave.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\rKstapi.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\swrrun.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\UZILDLL.DLL
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\wfcltui.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\wtnsrv.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\wyhip6.dll
    Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\zjib.dll
     
  11. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    run ewido again and allow it to fix what it finds!

    But first download and run l2me


    Click here to download Look2Me-Destroyer.exe and save it to your desktop.

    http://www.atribune.org/ccount/click.php?id=7



    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.


    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

    http://www.ascentive.com/support/new...b/MSWINSCK.OCX


    go here and empty out this folder!


    C:\Program Files\Yahoo!\YPSR\Quarantine


    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php





    Double-click on Killbox.exe to run it. Now put a tick by Delete on
    Reboot. In the "Full Path of File to Delete" box, copy and paste each
    of the following lines one at a time then click on the button that has
    the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file on next reboot. Click
    Yes. It will then ask if you want to reboot now. Click No. Continue
    with that same procedure until you have copied and pasted all of
    these in the "Paste Full Path of File to Delete" box. Then click yes
    to reboot after you entered the last one.


    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.



    C:\WINDOWS\system32\cd_clint.dll
    c:\windows\system32\guard.tmp
    c:\windows\system32\intrigue.dll
    c:\windows\system32\stlb2.xml
    c:\windows\hisistheurls.exe
    c:\windows\launcher.exe
    c:\windows\ubber60.ini
    c:\program files\common files\WinAntiVirus Pro 2006



    Run another panda scan !


    Post another hijack this log, the l2me, ewido, and the panda scan log
     
  12. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 8/19/2006 7:50:02 PM

    Infected! C:\WINDOWS\system32\guard.tmp

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\guard.tmp Deleted successfully!

    Making registry repairs.


    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 8:05:20 PM, on 8/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\Documents and Settings\Mark Campbell\Desktop\mark\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [laltin] C:\WINDOWS\system32\L90112201.Stub.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Utopia Angel] "C:\Documents and Settings\Mark Campbell\Desktop\mark\Angel.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - http://www.picturebuzz.com/common/programs/swicdad.cab
    O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WISH
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.60/setup.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
    O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149474397468
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
    O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://www.msishopper.net/Site/ICResources/ImageUploader3.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GINMAHJONG Class) - http://66.98.132.11/g_bin_eng/mahjong_2_0_0_6.cab
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v50/h2hpool/h2hpool.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F17E8454-5ED4-42CB-999B-7D53B795B271}: NameServer = 66.73.20.40 206.141.193.55
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Mark Campbell\Desktop\Computer tools\CWShredder.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
     
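A small triage helper for the HijackThis log format posted above, added here as an example (it is not from the thread or from HijackThis itself): it parses the R/O entries, flags hooks whose file is gone, and checks O17 NameServer values against an expected set. The `ISP_DNS` set is an assumption and `SAMPLE_LOG` is a constructed excerpt in the log's format.

```python
# Added triage helper for HijackThis v1.99.1 log lines (example code, not from
# the thread or from HijackThis). Parses the "Rn - " / "Onn - " entries, flags
# hooks whose file is gone ("(file missing)" / "(no file)") and O17 NameServer
# values outside an expected set. SAMPLE_LOG is a constructed excerpt.
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^\s*(R[0-3]|O\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]+?\.(?:exe|dll|ocx|cab|htm))', re.I)
ORPHAN_MARKERS = ("(file missing)", "(no file)")
ISP_DNS = {"66.73.20.40", "206.141.193.55"}  # assumed: servers the ISP hands out

SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{F17E8454-5ED4-42CB-999B-7D53B795B271}: NameServer = 66.73.20.40 206.141.193.55
"""

@dataclass
class Entry:
    section: str   # "O2", "O4", "O17", ...
    detail: str    # text after the "Onn - " tag
    path: str      # first Windows file path in the entry, or ""
    orphan: bool   # hook is registered but its file is gone

def parse_log(text):
    """Keep only the numbered R/O entries; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            section, detail = m.groups()
            pm = PATH_RE.search(detail)
            entries.append(Entry(section, detail, pm.group(1) if pm else "",
                                 any(k in detail for k in ORPHAN_MARKERS)))
    return entries

def orphaned_hooks(entries):
    """BHO/toolbar entries whose DLL no longer exists: leftovers of a partial
    removal whose registry entry still needs cleaning."""
    return [e for e in entries if e.orphan]

def unexpected_nameservers(entries, expected):
    """O17 lines show the DNS servers in use; anything outside the expected
    set deserves a look, since a changed NameServer is a DNS hijack symptom."""
    found = []
    for e in entries:
        m = re.search(r"NameServer = (.*)$", e.detail) if e.section == "O17" else None
        if m:
            found += [ip for ip in m.group(1).split() if ip not in expected]
    return found

if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print(len(orphaned_hooks(ents)), "orphaned;", unexpected_nameservers(ents, ISP_DNS), "unexpected DNS")
```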
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,333
    khazars is away for a few weeks so I will continue this with you.

    Did you also do the new Panda scan he asked for?

    Also, please do this:

    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

    Click here for info on how to boot to safe mode if you don't already know how.

    Reboot into Safe Mode.

    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.

    Reboot back to Normal Mode!

    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  14. mamasa

    mamasa Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    12
    I'm doing Panda in a moment, will post when it's over. Thanks again for everything!!!
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,333
    I will be signing off soon but will check back in the morning. (y)
     
Short URL to this thread: https://techguy.org/491419