
Solved: Big Problems

Discussion in 'Earlier Versions of Windows' started by toopay, Jan 21, 2006.

  1. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Would someone please take a look at the HJT log, and instruct as to what to do.
    Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:33 PM, on 1/21/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    c:\windows\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\ICONFIG.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINSTALL.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=cox-internet.com
    R3 - URLSearchHook: (no name) - {B0CC416A-B1B9-38B2-5351-9C284AB969DE} - (no file)
    R3 - URLSearchHook: (no name) - {2AED2F34-DF01-5678-A754-522E6D4FAC5C} - (no file)
    F1 - win.ini: run=hpfsched
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Program Files\Netscape\Users\User00\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE "Software\Shuttle Technology\07810200"
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HWIPER.EXE] C:\WINDOWS\SYSTEM\HWIPER.EXE
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
    O4 - HKCU\..\Run: [vxdman] SpyElim.exe
    O4 - HKCU\..\Run: [NsCplTray] BoundRec.exe
    O4 - HKCU\..\Run: [jopplerg] utsgmon.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [SAPSTR] xwiz.exe
    O4 - HKCU\..\Run: [AliceSD] DCC_send.exe
    O4 - HKCU\..\Run: [dialer423] Testimonials.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
    O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     
  2. toopay

    toopay Thread Starter

    I'm sorry, the system that I am on is running Win 98.
     
  3. 1069

    1069

    Joined:
    Sep 7, 2004
    Messages:
    1,912
    You have Win 98 SE (from your log).

    It would help the log experts if you could give a little more information about the problems that you are having.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    I will post back with instructions shortly.
     
  5. toopay

    toopay Thread Starter

    Well, the system is running very slow. I have installed Ad-Aware SE Personal 1.06r1 and Spybot 1.4 and ran both, but the system is still slow. I have also run both in safe mode and deleted the temps in safe mode.
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.


    Click Here and download Killbox and save it to your desktop but don’t run it yet.


    Click here to download smitRem.exe.
    • Save the file to your desktop.
    • It is a self extracting file.
    • Double click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
    • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


    Go to Control Panel – Add/Remove programs and remove:

    Wareout


    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html

    R3 - URLSearchHook: (no name) - {B0CC416A-B1B9-38B2-5351-9C284AB969DE} - (no file)

    R3 - URLSearchHook: (no name) - {2AED2F34-DF01-5678-A754-522E6D4FAC5C} - (no file)

    F1 - win.ini: run=hpfsched

    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL

    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL

    O4 - HKLM\..\Run: [HWIPER.EXE] C:\WINDOWS\SYSTEM\HWIPER.EXE

    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn72.exe rundll.dll,LoadMouseProfile

    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"

    O4 - HKCU\..\Run: [vxdman] SpyElim.exe

    O4 - HKCU\..\Run: [NsCplTray] BoundRec.exe

    O4 - HKCU\..\Run: [jopplerg] utsgmon.exe

    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"

    O4 - HKCU\..\Run: [SAPSTR] xwiz.exe

    O4 - HKCU\..\Run: [AliceSD] DCC_send.exe

    O4 - HKCU\..\Run: [dialer423] Testimonials.exe

    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

    O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)

    O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)

    O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)

    O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)


    Click FIX CHECKED. Close HijackThis, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again. Restart to safe mode.


    How to restart to safe mode


    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\WINDOWS\SYSTEM\HWIPER.EXE

      C:\WINDOWS\SYSTEM\popcorn72.exe

      C:\Program Files\WareOut

      C:\WINDOWS\SYSTEM\SpyElim.exe

      C:\WINDOWS\SYSTEM\BoundRec.exe

      C:\WINDOWS\SYSTEM\utsgmon.exe

      C:\WINDOWS\SYSTEM\xwiz.exe

      C:\WINDOWS\SYSTEM\DCC_send.exe

      C:\WINDOWS\SYSTEM\Testimonials.exe

      C:\WINDOWS\SYSTEM\C:\winstall.exe

      C:\Program Files\UnSpyPC



    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.




    Go to Control Panel > Display. Click on the "Web" tab. Under "View my Active desktop as a web page" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button.
    Remove the check by "View my Active desktop as a web page".
    Click OK then Apply and OK.

    Restart back into Windows normally now.


    Run ActiveScan online virus scan here


    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log and the scan log from the Panda Active Scan.
     
  7. toopay

    toopay Thread Starter

    Fixwareout ver 1.003
    Last edited 1/12/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\REPIWH
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1dedoc
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llams_ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ytpme
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\domdnb
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\orcimlh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23tsniow
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\emvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Search by size and names...
    C:\WINDOWS\SYSTEM\WOINST32.EXE
    C:\WINDOWS\SYSTEM\DMRHW.EXE

    »»»»» Misc files
    C:\WINDOWS\System\msblank32.html


    Logfile of HijackThis v1.99.1
    Scan saved at 5:12:48 PM, on 1/21/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    c:\windows\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\ICONFIG.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HIGHJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=msn.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Program Files\Netscape\Users\User00\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE "Software\Shuttle Technology\07810200"
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    Could not run active scan. Possible causes of this error are:

    Not allowing the application's ActiveX control to be downloaded.

    Problems with the Internet connection.
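
Added example, not part of any post in this thread: a short Python check that compares the HijackThis log taken before the fix with the one posted after it and reports whether each entry on the "fix checked" list is gone. The log excerpts are copied from the thread and shortened; the function and variable names are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Headers and running-process paths do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# Shortened excerpt of the first log in the thread (before the fix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=cox-internet.com
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL
O4 - HKLM\..\Run: [HWIPER.EXE] C:\WINDOWS\SYSTEM\HWIPER.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""

# Shortened excerpt of the second log in the thread (after the fix).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=msn.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
"""

# Entries the helper asked to tick before pressing "Fix checked" (subset).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\msblank.html
F1 - win.ini: run=hpfsched
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\WCUUB.DLL
O4 - HKLM\..\Run: [HWIPER.EXE] C:\WINDOWS\SYSTEM\HWIPER.EXE
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""


def parse_entries(log_text):
    """Map a normalized (section, detail) key to the entry as written in the log."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        section, detail = match.group(1), match.group(2)
        # Collapse whitespace and ignore case so copy/paste differences
        # between forum posts do not hide a match.
        key = (section, " ".join(detail.split()).lower())
        entries[key] = f"{section} - {detail}"
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were meant to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries(fix_list)
    return {
        # On the fix list, present before, absent after: the fix worked.
        "fixed": sorted(before[k] for k in targets if k in before and k not in after),
        # On the fix list but still in the new log: needs another pass.
        "still_present": sorted(after[k] for k in targets if k in after),
        # On the fix list but never in the first log: likely a copy error.
        "not_in_before": sorted(targets[k] for k in targets if k not in before),
        # Gone from the new log although nobody asked for it: worth a look.
        "removed_unrequested": sorted(
            before[k] for k in before if k not in after and k not in targets
        ),
        # Only in the new log: something changed or was added in between.
        "new": sorted(after[k] for k in after if k not in before),
    }


if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

On these excerpts every listed entry is gone from the second log, and the comparison also surfaces two changes outside the fix list: the TrueVector RunServices entry no longer appears, and the ProxyServer value differs between the two logs.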
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    The log looks good but I'd still like to get a Panda scan, if possible.

    Reset your ActiveX security settings like so... Go to Internet Options > Security > Internet, press 'default level', then OK.
    Now press "Custom Level."
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.


    Then try to run the Panda scan again please.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Meant to include this in my last post.

    Boot to safe mode and run Killbox on these files:

    C:\WINDOWS\SYSTEM\WOINST32.EXE

    C:\WINDOWS\SYSTEM\DMRHW.EXE

    C:\WINDOWS\System\msblank32.html
     
  10. toopay

    toopay Thread Starter

    Incident Status Location

    Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM\ia.dll
    Adware:adware/downloadware Not disinfected C:\PROGRAM FILES\MedCh
    Adware:adware/globosearch Not disinfected Windows Registry
    Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.ask.com/]
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.belnk.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.burstnet.com/]
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.dist.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.zedo.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[ads.pointroll.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[server.iad.liveperson.net/hc/65560744]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.doubleclick.net/]
    Dialer:Dialer.B Not disinfected C:\WINDOWS\SYSTEM\EGDHTML_1023.dll
    Dialer:Dialer.B Not disinfected C:\WINDOWS\SYSTEM\EGDHTML_1024.dll
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[65560744]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Hacktool:Hacktool/Processor Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\NewCache\3EFBEAA3d01[Process.exe]
    Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\lolita-sex-movies.exe
    Possible Virus. Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS277.exe
    Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter
     
  11. toopay

    toopay Thread Starter

    Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[S144191]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][3].txt
    Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Errorguard Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][3].txt
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][3].txt
    Spyware:Cookie/MediaTickets Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][4].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][3].txt
    Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/SpywareStormer Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Spyspotter Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\breea\Cookies\[email protected][3].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[S144191]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Errorguard Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/MediaTickets Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][4].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/SpywareStormer Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Spyspotter Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/Kount Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][3].txt
    Spyware:Cookie/GoClick Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][5].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][5].txt
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Profiles\hailey\Cookies\[email protected][4].txt
    Possible Virus. Not disinfected C:\RECYCLED\DC0.EXE
    Possible Virus. Not disinfected C:\RECYCLED\DC1.EXE
    Possible Virus. Not disinfected C:\RECYCLED\DC2.EXE
    Adware:Adware/MyWay Not disinfected C:\Program Files\Netscape\Communicator\Program\plugins\NPMyWay.dll
    Adware:Adware/BrilliantDigital Not disinfected C:\Program Files\KaZaA\bdcore.dll
    Possible Virus. Not disinfected C:\My Download Files\msn.com
    Possible Virus. Not disinfected C:\My Download Files\gdnUS277.exe
    Hacktool:Hacktool/Processor Not disinfected C:\My Downloads\smitRem.exe[Process.exe]
    Hacktool:Hacktool/Processor Not disinfected C:\My Downloads\smitRem\Process.exe
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    Go here and download the Free Trial version of SpySweeper.

    • Save the ssfsetup1_1830749570.exe file to your desktop or somewhere convenient.
    • Double click the ssfsetup1_1830749570.exe file to begin the setup.
    • Follow the prompts to complete the installation then click "Finish" and SpySweeper should launch.
    • When it first opens, SpySweeper will prompt you to "Check for Updated Definitions"
    • Click "Yes" and download the updates.
    • After the updated definitions are downloaded, click the "Options" button on the left.
    • Under "What to Sweep", select ALL the boxes there.
    • Click the "Sweep" button on the left then click "Start" to begin the scan.
    • When it's finished scanning, click the "Next" button.
    • Make sure everything has a check next to it by clicking the "Select All" button.
    • Click the "Next" button and it will remove the selected entries.
    • Click "Finish" then exit SpySweeper.
    • Restart your computer



    Boot to safe mode and run Killbox on these files:

    C:\WINDOWS\SYSTEM\EGDHTML_1023.dll

    C:\WINDOWS\SYSTEM\EGDHTML_1024.dll

    C:\WINDOWS\SYSTEM\ia.dll

    C:\PROGRAM FILES\MedCh

    C:\WINDOWS\Downloaded Program Files\lolita-sex-movies.exe

    C:\WINDOWS\Downloaded Program Files\gdnUS277.exe

    C:\RECYCLED\DC0.EXE

    C:\RECYCLED\DC1.EXE

    C:\RECYCLED\DC2.EXE

    C:\Program Files\Netscape\Communicator\Program\plugins\NPMyWay.dll


    Navigate to these cookie folders for these users and delete the cookies flagged in the Panda scan:

    C:\WINDOWS\Cookies\

    C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt\

    C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies\

    C:\WINDOWS\Profiles\breea\Cookies\

    C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt\

    C:\WINDOWS\Profiles\hailey\Cookies\


    Reboot and do another Panda scan and post the results please.
     
  13. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Incident Status Location

    Adware:adware/adshooter Not disinfected C:\WINDOWS\SYSTEM\syscr.dll
    Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM\howiper.exe
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Ask Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.ask.com/]
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.ath.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.belnk.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.burstnet.com/]
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.dist.belnk.com/]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Target Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.target.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.zedo.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[ads.pointroll.com/]
    Spyware:Cookie/360i Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[ct.360i.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[server.iad.liveperson.net/hc/65560744]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[.doubleclick.net/]
    Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM\howiper.exe
    Dialer:Dialer.FGG Not disinfected C:\WINDOWS\SYSTEM\dial32.exe
    Adware:Adware/Spoon Not disinfected C:\WINDOWS\SYSTEM\favset.exe
    Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[65560744]
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/go Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[S144191]
    Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Profiles\breea\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/go Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[S144191]
    Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Profiles\hailey\Application Data\Mozilla\Profiles\FLETCHERS's Franklin Account\jlaa5ghs.slt\cookies.txt[]
    Virus:Trj/Shinwow.E Disinfected C:\WINDOWS\.jpi_cache\jar\1.0\showbanner.jar-228e1fd-3e9b1c80.zip[Beyond.class]
    Dialer:Dialer.FGG Not disinfected C:\WINDOWS\1.dat
    Adware:Adware/Spywad Not disinfected C:\WINDOWS\2.dat
    Adware:Adware/QuickWeb Not disinfected C:\RECYCLED\NPROTECT\00001384.EXE
    Adware:Adware/QuickWeb Not disinfected C:\RECYCLED\NPROTECT\00001386.EXE
    Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLED\DC1045[Process.exe]
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLED\DC1222.TXT
    Spyware:Cookie/YieldManager Not disinfected C:\RECYCLED\DC1242.TXT
    Spyware:Cookie/Hbmediapro Not disinfected C:\RECYCLED\DC1248.TXT
    Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLED\DC1259.TXT
    Spyware:Cookie/Ask Not disinfected C:\RECYCLED\DC1279.TXT
    Spyware:Cookie/Ask Not disinfected C:\RECYCLED\DC1280.TXT
    Spyware:Cookie/Azjmp Not disinfected C:\RECYCLED\DC1291.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC1323.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC1324.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC1325.TXT
    Spyware:Cookie/Ccbill Not disinfected C:\RECYCLED\DC1334.TXT
    Spyware:Cookie/Ccbill Not disinfected C:\RECYCLED\DC1335.TXT
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLED\DC1359.TXT
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLED\DC1360.TXT
    Spyware:Cookie/360i Not disinfected C:\RECYCLED\DC1376.TXT
    Spyware:Cookie/360i Not disinfected C:\RECYCLED\DC1377.TXT
    Spyware:Cookie/Belnk Not disinfected C:\RECYCLED\DC1422.TXT
    Spyware:Cookie/Belnk Not disinfected C:\RECYCLED\DC1423.TXT
    Spyware:Cookie/Errorguard Not disinfected C:\RECYCLED\DC1453.TXT
    Spyware:Cookie/go Not disinfected C:\RECYCLED\DC1499.TXT
    Spyware:Cookie/go Not disinfected C:\RECYCLED\DC1500.TXT
    Spyware:Cookie/MediaTickets Not disinfected C:\RECYCLED\DC1565.TXT
    Spyware:Cookie/Kount Not disinfected C:\RECYCLED\DC1566.TXT
    Spyware:Cookie/Kount Not disinfected C:\RECYCLED\DC1567.TXT
    Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLED\DC1666.TXT
    Spyware:Cookie/SpywareStormer Not disinfected C:\RECYCLED\DC1727.TXT
    Spyware:Cookie/Target Not disinfected C:\RECYCLED\DC1746.TXT
    Spyware:Cookie/Target Not disinfected C:\RECYCLED\DC1747.TXT
    Spyware:Cookie/Affiliate fuel Not disinfected C:\RECYCLED\DC1792.TXT
    Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLED\DC1817.TXT
    Spyware:Cookie/BurstBeacon
     
  14. toopay

    toopay Thread Starter

    Joined:
    Jun 7, 2003
    Messages:
    354
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\RECYCLED\DC1956.TXT
    Spyware:Cookie/web-stat Not disinfected C:\RECYCLED\DC2027.TXT
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLED\DC2083.TXT
    Spyware:Cookie/2o7.net Not disinfected C:\RECYCLED\DC2084.TXT
    Spyware:Cookie/YieldManager Not disinfected C:\RECYCLED\DC2108.TXT
    Spyware:Cookie/Hbmediapro Not disinfected C:\RECYCLED\DC2114.TXT
    Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLED\DC2126.TXT
    Spyware:Cookie/Ask Not disinfected C:\RECYCLED\DC2147.TXT
    Spyware:Cookie/Ask Not disinfected C:\RECYCLED\DC2148.TXT
    Spyware:Cookie/Azjmp Not disinfected C:\RECYCLED\DC2161.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC2196.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC2197.TXT
    Spyware:Cookie/BurstNet Not disinfected C:\RECYCLED\DC2198.TXT
    Spyware:Cookie/GoClick Not disinfected C:\RECYCLED\DC2201.TXT
    Spyware:Cookie/Ccbill Not disinfected C:\RECYCLED\DC2209.TXT
    Spyware:Cookie/Ccbill Not disinfected C:\RECYCLED\DC2210.TXT
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLED\DC2236.TXT
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLED\DC2237.TXT
    Spyware:Cookie/360i Not disinfected C:\RECYCLED\DC2254.TXT
    Spyware:Cookie/360i Not disinfected C:\RECYCLED\DC2255.TXT
    Spyware:Cookie/Belnk Not disinfected C:\RECYCLED\DC2303.TXT
    Spyware:Cookie/Belnk Not disinfected C:\RECYCLED\DC2304.TXT
    Spyware:Cookie/Errorguard Not disinfected C:\RECYCLED\DC2340.TXT
    Spyware:Cookie/go Not disinfected C:\RECYCLED\DC2388.TXT
    Spyware:Cookie/go Not disinfected C:\RECYCLED\DC2389.TXT
    Spyware:Cookie/go Not disinfected C:\RECYCLED\DC2390.TXT
    Spyware:Cookie/MediaTickets Not disinfected C:\RECYCLED\DC2461.TXT
    Spyware:Cookie/Kount Not disinfected C:\RECYCLED\DC2462.TXT
    Spyware:Cookie/Kount Not disinfected C:\RECYCLED\DC2463.TXT
    Spyware:Cookie/Kount Not disinfected C:\RECYCLED\DC2464.TXT
    Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLED\DC2574.TXT
    Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLED\DC2620.TXT
    Spyware:Cookie/SpywareStormer Not disinfected C:\RECYCLED\DC2646.TXT
    Spyware:Cookie/Target Not disinfected C:\RECYCLED\DC2668.TXT
    Spyware:Cookie/Target Not disinfected C:\RECYCLED\DC2669.TXT
    Spyware:Cookie/Affiliate fuel Not disinfected C:\RECYCLED\DC2718.TXT
    Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLED\DC2745.TXT
    Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLED\DC2746.TXT
    Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLED\DC2747.TXT
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\RECYCLED\DC2899.TXT
    Spyware:Cookie/web-stat Not disinfected C:\RECYCLED\DC2979.TXT
    Adware:Adware/BrilliantDigital Not disinfected C:\Program Files\KaZaA\bdcore.dll
    Dialer:Dialer.NO Not disinfected C:\My Download Files\msn.com
    Dialer:Dialer.NO Not disinfected C:\My Download Files\gdnUS277.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\smitRem.exe[Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\smitRem\Process.exe
    Virus:Trj/Downloader.EQV Disinfected C:\ms32.tmp
    Dialer:Dialer.B Not disinfected C:\!KillBox\EGDHTML_1023.dll
    Dialer:Dialer.B Not disinfected C:\!KillBox\EGDHTML_1024.dll
    Dialer:Dialer.Gen Not disinfected C:\!KillBox\lolita-sex-movies.exe
    Dialer:Dialer.NO Not disinfected C:\!KillBox\gdnUS277.exe
    Potentially unwanted tool:Application/MyWay Not disinfected C:\!KillBox\NPMyWay.dll
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    Reboot to safe mode and run Killbox on these files:

    C:\WINDOWS\SYSTEM\syscr.dll

    C:\WINDOWS\SYSTEM\howiper.exe

    C:\WINDOWS\SYSTEM\dial32.exe

    C:\WINDOWS\SYSTEM\favset.exe

    C:\WINDOWS\1.dat

    C:\WINDOWS\2.dat


    Reboot and post another HijackThis log please.
     
Short URL to this thread: https://techguy.org/435988
