Pop Ups From the Bottom

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
I have been getting pop ups coming up from the bottom of the screen, something I had not seen before.

Here is the HJT from this computer. Can anyone look at it and help me out?

Thanks, I appreciate it immensely!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:47:30 PM, on 1/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\dinst.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\susan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\n861.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [mmqkox] c:\windows\system32\ykuzjuq.exe r
O4 - HKLM\..\RunOnce: [iutmb5b.exe] C:\WINDOWS\System32\iutmb5b.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [iutmb5b.exe] C:\WINDOWS\System32\iutmb5b.exe /k
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
LOL okay, I just saw that CT closed your other thread. So I have reopened this one.
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
My apologies for opening a second thread. I wasn't sure how to post the new one.

Here is my new HJT and Ewido scans. It's still happening... thanking you all in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:25:09 PM, on 1/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\wblbre.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\susan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\nhkn0.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [iisklkr] C:\WINDOWS\System32\wblbre.exe r
O4 - HKLM\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
+ Created on: 4:22:21 PM, 1/10/2006
+ Report-Checksum: 67ACECC5

+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\drs.n -> Adware.Searchforit : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-818439222-3806567221-3154067829-1006\Software\WinUpdt -> Spyware.SecondThought : Cleaned with backup
[804] C:\WINDOWS\System32\wpefuk.exe -> Trojan.Agent.cp : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2dj6wjl4uocpcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected]-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\susan\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\susan\Desktop\backups\backup-20050523-154908-612.dll -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\AEN\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\atiupdate.exe -> Downloader.Delf.zw : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\clnB.tmp -> Downloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\COJ\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\EAE\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\GLF4DGLF4D.EXE -> Downloader.TSUpdate.f : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\GLFDGLFD.EXE -> Downloader.TSUpdate.f : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\GRI\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\i47.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\LGI\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\ozc0.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\QRI\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\temp.fr4562 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\temp.frA185 -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\Temporary Directory 1 for price2[1].zip\09_price.exe -> Worm.Bagle.dg : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\toc_0036.exe -> Downloader.Agent.jq : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\ts_8_new.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\WZL\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\susan\Local Settings\Temp\YUC\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\CxtPls -> Adware.AproposMedia : Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> Downloader.VB.eu : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Spyware.ActivShopper : Cleaned with backup
C:\RECYCLER\S-1-5-21-818439222-3806567221-3154067829-1006\Dc4\sf.exe -> Downloader.Small.hs : Cleaned with backup
C:\RECYCLER\S-1-5-21-818439222-3806567221-3154067829-1006\Dc6.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\S-1-5-21-818439222-3806567221-3154067829-1006\Dc9.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0028593.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP634\A0028600.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028618.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028619.exe -> Trojan.Kolweb.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028620.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028621.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028622.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0028623.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028641.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028642.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028643.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028644.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028645.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP639\A0028646.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP642\A0028675.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP642\A0028681.exe -> Adware.BetterInternet : Cleaned with backup
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP642\A0028683.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0028701.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0028702.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP644\A0028709.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP644\A0028712.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0028720.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0028723.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP646\A0028731.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0028791.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP653\A0028797.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028823.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028833.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028841.exe -> Downloader.Delf.go : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028842.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028843.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028844.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028845.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028846.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP656\A0028847.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028850.exe -> Downloader.Delf.zw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028851.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028852.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028853.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028854.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028855.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP657\A0028856.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0028883.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0028889.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP659\A0028890.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028905.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028912.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028918.exe -> Downloader.Delf.zw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028919.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028920.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028921.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028922.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028923.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP660\A0028924.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP663\A0028958.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP663\A0028964.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP663\A0028966.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP665\A0028987.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP665\A0028993.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029009.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029012.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029017.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029018.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029019.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029020.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029021.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029036.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029037.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP667\A0029038.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP673\A0029068.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP673\A0029073.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP676\A0029107.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029180.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029181.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029182.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029183.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029184.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029185.exe -> Downloader.TSUpdate.j : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029186.exe -> Spyware.Xupiter : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029187.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029188.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029189.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029190.exe -> Downloader.Apropo.ab : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029192.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029194.exe -> Downloader.Delf.zw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029196.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029197.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029203.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP683\A0029205.exe -> Adware.BetterInternet : Cleaned with backup
C:\temporary\aun_0036.exe -> Downloader.Small.akz : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI50.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEZ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIMBC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\bspace.html -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ZNETGP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\dinst.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Helper101.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\mthdrzna.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ozc0.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\0rcf.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\bs51-egihsg51-va.exe -> Spyware.BookedSpace.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\dist006.exe -> Downloader.VB.eu : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe -> Dropper.Delf.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\InstallAPS.exe -> Dropper.Agent.lu : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\optimize.exe -> Downloader.Dyfuca : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\ven_d1.exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebdl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebsh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteppo32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitevtb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\iutmb5b.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\SYSTEM32\kkw30g3.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\ozc0.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\SYSTEM32\winshost.exe -> Worm.Bagle.dg : Cleaned with backup
C:\WINDOWS\SYSTEM32\wiwshost.exe -> Worm.Bagle.dg : Cleaned with backup
C:\WINDOWS\tpzmkxwf.exe -> Spyware.BookedSpace : Cleaned with backup
::Report End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Click here to download Nailfix: http://castlecops.com/zx/flrman1/Nailfix.zip

Save the file to your desktop.
Unzip Nailfix.zip to extract the files it contains.
Do not do anything with it yet. You will run the Nailfix.cmd file later in Safe Mode.

*Download Cleanup from Here
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET

Boot into Safe Mode.

* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.


Reboot, post a new log.
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
Here is my new log from Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:48 AM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\sttujqr.exe
C:\Documents and Settings\susan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\nhkn0.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe
O4 - HKLM\..\Run: [ojhmvpr] C:\WINDOWS\System32\sttujqr.exe r
O4 - HKLM\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
Save it to your desktop.
DO NOT run it yet.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\nhkn0.dll

O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteduy32.exe

O4 - HKLM\..\Run: [ojhmvpr] C:\WINDOWS\System32\sttujqr.exe r

O4 - HKLM\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k

O4 - HKCU\..\RunOnce: [3lxr0r7.exe] C:\WINDOWS\System32\3lxr0r7.exe /k


Boot into Safe Mode.

* Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\WINDOWS\Nail.exe
C:\WINDOWS\dsr.dll
C:\WINDOWS\SYSTEM32\nhkn0.dll
C:\Program Files\TBONAS
C:\windows\system32\eliteduy32.exe
C:\WINDOWS\System32\sttujqr.exe
C:\WINDOWS\System32\3lxr0r7.exe


Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to Tools > Delete Temp Files
In the window that pops up, put a check by ALL the options there except these three:
XP Prefetch
Recent
History
Now click the Delete Selected Temp Files button.
Exit the Killbox.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
Here's the latest HJT... there is still some of the same types of pop ups... Thanks for all your help. Any ideas as to how this got on this computer or what the problem is?

Logfile of HijackThis v1.99.1
Scan saved at 11:43:11 AM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\prwtft.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\susan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zhgdubo] C:\WINDOWS\System32\prwtft.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Click Start – Run - and type in:

services.msc

Click OK.

In the services window find: System Startup Service

Right click and choose Properties. On the General tab under Service Status click the Stop button to stop the service. Beside Startup Type in the dropdown menu select Disabled. Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [zhgdubo] C:\WINDOWS\System32\prwtft.exe r

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Boot into Safe Mode.

Use KillBox on the following files:

C:\WINDOWS\Nail.exe
C:\WINDOWS\System32\prwtft.exe
C:\WINDOWS\svcproc.exe


Reboot, post a new log.
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
Still there...

Logfile of HijackThis v1.99.1
Scan saved at 1:59:07 PM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\uozneq.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\susan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ijjvok] C:\WINDOWS\System32\uozneq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 

Blankman

Thread Starter
Joined
Nov 12, 2004
Messages
31
Here are the results from the Kaspersky online scan.
I did run the nailfix... it just flickered the screen on and off and that was it. Was that the intended side effect of the program?


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 12, 2006 09:30:08
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 160310
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\susan\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 8368
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 336 sec

Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM32\Cache\SSK3_B5 Advagency.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\SYSTEM32\DrPMon.dll Infected: Trojan.Win32.Agent.db
C:\WINDOWS\SYSTEM32\n861.dll Infected: Trojan.Win32.Kolweb.f
C:\WINDOWS\SYSTEM32\uozneq.exe Infected: Trojan.Win32.Poler.a
C:\WINDOWS\SYSTEM32\x8v.sys Infected: Trojan.Win32.Kolweb.g
C:\WINDOWS\x8v.sys Infected: Trojan.Win32.Kolweb.g

Scan process completed.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top