fakeeoghan Posted November 6, 2005

Well here it is:

Logfile of HijackThis v1.99.1
Scan saved at 19:00:27, on 06/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Libgrb\Xwsi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ConnectionStatus\Microsoft\services.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit.exe" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâÃÂ®ÃÆÃ¢â¬Â¦ÃâþrgÃÆÃâÃâà

coltm4carbine Posted November 6, 2005

ok forget what i said. plan b now.

Have you been clicking links in emails? it looks like you have. In other words I am concerned that you might have the sober.p virus and a few other trojans...

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:

(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan

Please download Ad-Aware SE from here: http://www.majorgeeks.com/download506.html

Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window.

In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s).

Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected.

Next, click the "Tweak" button on the left-hand side.

Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

Spybot Full Scan

Next, please download Spybot-S&D from here: http://www.majorgeeks.com/download.php?det=2471

Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Then try this online virus scan: Trend-Micro

Choose "fix" or "clean". Let it remove any infections found. Reboot and "copy/paste" a new Hijack This! log file into this thread.

fakeeoghan Posted November 6, 2005

Wow, thanks for all that help. I do have Adaware and Spybot but I also share a computer with my sister :? . I'm running adaware now although I couldn't find this part anywhere:

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

I also have an antivirus called AntiVir. When I try to open this I get a message saying something like "No viruses, trojans or spyware were found!". This also happened when I tried to run HJT. Has me kinda worried...

coltm4carbine Posted November 6, 2005

yeh not surprised at all. I can see at least a trojan, 1 sober.p variant (might be the "o"), a new virus that has just come out a few days ago (doesn't have a name yet). I decided not to continue analyzing it until you have run the scans because it is so bad.

Quote:
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

ok don't worry about that. can you also run these online scans on top of that one.

Please run the Housecall online virus scan located at: http://housecall.trendmicro.com/houseca ... t_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoftware.com/products/a ... ncipal.htm
Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.

Finally, please run the WindowSecurity trojan scan here: http://www.windowsecurity.com/trojanscan/
Remove any trojans found, and restart your computer.

These should get rid of most of the bad entries.

If you cannot run HJT v1.99.1 you might want to try these (again it's taken from my canned speech so it might sound wrong):-

Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

Step # 1
Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 2
Go to this link and download the 1.98.2 version of HijackThis.exe: hijackthis1.98.2
Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 3
Click here and download Itty Bitty Process Manager (IBProcMan.zip): ibprocman.
Unzip it to its own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes. Don't stop any yet, just list all that it has so we can check them and give advice. Post the list back here.

btw is your desktop looking normal (you know like has it got anything odd)?

fakeeoghan Posted November 6, 2005

I will do all of those scans. My desktop looks ok but I have not been able to open the task manager and the computer has been kind of slow for the last day or two.

fakeeoghan Posted November 6, 2005

Thanks a lot coltm4carbine, your canned speech was just fine although the panda link did not work. I'm running the windowsecurity trojan scan atm and have already run adaware, spybot and the trend micro one. After running all of these (except the Trojan scan one) windows task manager would still not open. The trend micro one found some things that it "could not access". Maybe that's the problem? Anyway I'll finish up the scan that's running right now then post a new HJT log and we will see.

Thanks again. This advice has been very useful and I do appreciate you taking your time to put it together.

fakeeoghan Posted November 7, 2005

After doing this scan: http://www.windowsecurity.com/trojanscan/ I am left with a list of files on my computer. Are these files after being deleted or is this scan just telling me what is wrong with my computer? There is a red link under the list of files saying "To clean your computer and stay protected, click here to download a-squared Personal now!" Do I have to click this for it to delete the viruses it found and if so, is it free??

fakeeoghan Posted November 7, 2005

I think the trojan is gone. Task manager is opening fine as well as my antivirus and HJT. Here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 02:56:16, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit.exe" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâÃÂ®ÃÆÃ¢â¬Â¦ÃâþrgÃÆÃâÃâà

Mercifull Posted November 7, 2005

Uninstall 'SpywareCleaner' as it is a dubious program which is probably the cause of the crap on your pc and not the fix

Ctrl+alt+del the following processes
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe

Fix the following
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâÃÂ®ÃÆÃ¢â¬Â¦ÃâþrgÃÆÃâÃâà

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex
01/04/01 - 02/03/12

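Added example (not part of any post in this thread): the fix-and-repost loop above can be checked by parsing two HijackThis logs and comparing them. This Python code flags O1 hosts entries that point a name at a non-loopback address and entries marked "(no file)" or "(file missing)", then reports which flagged entries a later log no longer contains. The names parse_log, flag and compare are hypothetical; BEFORE is copied from entries in the logs above, AFTER is constructed.

```python
from __future__ import annotations

import ipaddress
import re
from typing import NamedTuple, Optional

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1 and up), then " - ", then the body.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY = re.compile(rf"^({CODE}) - (.+)$")
# A scraped log may arrive flattened onto one line, so also split before each code.
SPLIT = re.compile(rf"\s+(?={CODE} - )")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


class Entry(NamedTuple):
    code: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Return the coded entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        for chunk in SPLIT.split(line.strip()):
            m = ENTRY.match(chunk)
            if m:
                entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Return a reason string for entries worth a closer look, else None."""
    if entry.code == "O1":
        m = HOSTS.match(entry.body)
        if m:
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                return "hosts entry with unparsable address"
            # Loopback / 0.0.0.0 mappings are the normal or blocking case.
            if not (addr.is_loopback or addr.is_unspecified):
                return f"hosts file points {m.group(2)} at {addr}"
        return None
    if entry.body.endswith(("(file missing)", "(no file)")):
        return "registered component whose file is absent"
    return None


def compare(before: str, after: str) -> dict:
    """Classify flagged entries of `before` by whether `after` still has them."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    flagged = [(e, why) for e in old if (why := flag(e))]
    return {
        "cleared": [e for e, _ in flagged if e not in new_set],
        "persisting": [(e, why) for e, why in flagged if e in new_set],
        "added": [e for e in new if e not in old_set],
    }


# BEFORE: entries copied from the logs in this thread, flattened onto one line.
BEFORE = " ".join([
    r"R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)",
    r"O1 - Hosts: 66.250.171.167 sitefinder.verisign.com",
    r"O1 - Hosts: 66.250.57.9 view.atdmt.com",
    r"O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200}"
    r" - C:\WINNT\dlmax.dll (file missing)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    r" - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F}"
    r" - c:\program files\google\googletoolbar1.dll",
])

# AFTER: constructed for this example; one hosts redirect is deliberately left
# in place and a harmless loopback line is added.
AFTER = "\n".join([
    "Logfile of HijackThis v1.99.1",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 66.250.57.9 view.atdmt.com",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    r" - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F}"
    r" - c:\program files\google\googletoolbar1.dll",
])

if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for e in result["cleared"]:
        print("cleared:   ", e.code, "-", e.body)
    for e, why in result["persisting"]:
        print("persisting:", e.code, "-", e.body, "=>", why)
    for e in result["added"]:
        print("added:     ", e.code, "-", e.body, "=>", flag(e) or "not flagged")
```
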
fakeeoghan Posted November 7, 2005

I deleted those things. I am still getting a message whenever I try to open my antivirus or HJT that says:

AntiVirus (that's the title)
No Viruses, Trojans or Spyware found!
Status: OK

I have to leave that message open and then try open HJT or my antivirus again. If I click ok or x the message it will just keep coming up when I click on HJT or my antivirus.

Here's my HJT Log once again:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:18, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\WINNT\regit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ConnectionStatus\Microsoft\services.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit.exe" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services.exe
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services.exe
O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc.
- C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile] O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing) O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing) O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile] O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile] O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile] O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile] O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile] O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile] O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile] O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)
coltm4carbine Posted November 7, 2005

I guess I should let him take over the log then, cos I don't want what happened last time to be repeated. OK, using another canned speech for ewido security suite. Might not be helpful, but it should hopefully pick up any trojans that the other scanners have missed.

Welcome. Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

First: Please download ewido security suite; it is a trial version of the program.

* Install ewido security suite
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido; there should be an icon on your desktop, double-click it.
* The program will prompt you to update; click the OK button
* The program will now go to the main screen

You will need to update ewido to the latest definition files.

* On the left hand side of the main screen click update
* Click on Start

The update will start and a progress bar will show the updates being installed. Once the updates are installed do the following:

* Click on scanner
* Make sure the following boxes are checked before scanning:
  * Binder
  * Crypter
  * Archives
* Click on Start Scan
* Let the program scan the machine

While the scan is in progress you will be prompted to clean files; click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

* Click Save report
* Save the report to your desktop

Reboot your machine and post back a new HJT Log and the Ewido Scan .txt Log file you saved by using Add Reply
fakeeoghan Posted November 8, 2005

I will do this and post the new log tomorrow
fakeeoghan Posted November 8, 2005

I did the ewido scan and deleted everything it found. The log is below. I then ran HJT and that log is in the following post.

--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 16:48:06, 08/11/2005 + Report-Checksum: D1829270 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj -> Spyware.BetterInternet : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID\\ -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1 -> Spyware.BetterInternet : Cleaned with backup HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1\CLSID\\ -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup 
HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr23.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr23.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr24.clsDW -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\IExplorr24.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673}\TypeLib\\ -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned 
with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{1620D17D-F2B5-43BE-8ED4-6B22E321D2A3} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{22CBCB4C-E9DF-4D25-86BC-FFDA4DF8FC06} -> Spyware.InetSpeak : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{230C3786-1C2C-45BD-9D2D-9D277FCE6289} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Classes\WinAdToolsX.Installer -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Classes\WinCommX.Installer -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\.Owner -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\.Owner -> Spyware.CnsMin : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\{12398DD6-40AA-4C40-A4EC-A42CFC0DE797} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded 
Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\.Owner -> Spyware.YourSiteBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\DLMax -> Spyware.BetterInternet : Cleaned with backup HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup C:\WINNT\system\UpdInstall[Caution: ExecutableFile] -> Spyware.VX2 : Cleaned with backup C:\WINNT\Explor[Caution: ExecutableFile] -> Heuristic.Win32.Dialer : Cleaned with backup C:\WINNT\CPU_[Caution: ExecutableFile] -> Dialer.Generic : Cleaned with backup C:\WINNT\iLookup -> Adware.eZula : Cleaned with backup C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> 
Spyware.Cookie.Hyperbanner : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\BDAOUUFH\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5WOJDXCT\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\6LRO9S7E\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SV1FAQB1\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.180:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.181:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.183:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.185:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.186:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.187:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.188:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.189:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.190:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.191:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.192:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with 
backup :mozilla.193:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.194:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.195:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.218:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.219:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.220:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.221:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned 
with backup :mozilla.222:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.224:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.225:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.226:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.243:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.255:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.256:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.257:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.258:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.259:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.260:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.268:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned 
with backup :mozilla.269:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.270:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.303:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup :mozilla.312:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.320:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.324:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.327:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup :mozilla.342:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup :mozilla.348:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup :mozilla.349:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup :mozilla.350:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup :mozilla.354:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup 
:mozilla.356:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.376:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup :mozilla.378:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.379:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.380:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.381:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.382:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.436:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup :mozilla.444:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.470:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : 
Cleaned with backup :mozilla.472:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.486:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.487:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.488:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.489:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.496:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.497:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.510:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.511:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.512:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.513:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.514:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup 
:mozilla.515:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.516:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.518:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.547:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup :mozilla.571:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.572:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.573:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.574:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.575:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.576:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.605:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Popularix : Cleaned with backup :mozilla.607:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup 
:mozilla.654:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.655:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.656:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.657:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.659:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.667:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.668:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.709:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.716:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.717:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.718:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.719:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup 
:mozilla.756:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup :mozilla.760:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.763:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.780:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.781:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.811:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.813:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.814:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.815:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.816:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup :mozilla.824:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.825:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup 
:mozilla.826:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.827:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.861:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup :mozilla.866:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup :mozilla.886:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.889:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Admin\Complete\SWAT 4 + patch1.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Splinter Cell - Chaos Theory.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\10 Secrets To Great Sex - Secret 3.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Age of Mythology The Titans.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Symantec Norton Ghost 10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Paris Dakar Rally.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\BlackICE PC Protection 3.6com.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\SWAT 
4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Transporter 2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Trend Micro Pattern File 2.773.00.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Camtasia Studio 3.01.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\DEKSI Network Inventory 4.4.2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Splinter Cell Pandora Tommorow.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Adobe Premier Pro 7.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Doom (2005) The.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\MP3 Audio Sound Recorder 1.32.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Avast Antivirus Pro 4.6.691.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\PC-Cillin Internet Security 2006.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Symantec Norton Mega Pack.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Auto MP3 Player 1.26.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\BeFaster 3.55.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\McAfee Virus Definitions 4555.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup 
C:\Documents and Settings\Admin\Complete\3d Studio Max 8.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Elizabethtown.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Delta Force Xtreme + patch 1.6.5.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\The Myth (2005).RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Powerdvd Copy 1.0.0.701.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Aurora Video VCDDVD Converter&Crea.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Aurora Media Workshop 2.4.16.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Power Video Converter 1.4.11.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Plato DVD Ripper 1.30.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Archivarius 3000 3.23.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Easy DVD Clone 3.0.4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Absolute Video Converter 2.5.6.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Game XP 1.5.8.10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\NewsReactor 1.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\Easy GIF Animator 3.1.RB0/Setup[Caution: ExecutableFile] 
-> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\ImTOO DVD Audio Ripper 2.0.55.801.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\ImTOO 3GP Video Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Admin\Complete\ImTOO AVI MPEG Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile] -> Adware.MediaAccess : Cleaned with backup C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup C:\Program Files\AVPersonal\INFECTED\MSBB[Caution: ExecutableFile].VIR -> Spyware.180Solutions : Cleaned with backup C:\Program Files\AVPersonal\INFECTED\ANI[1].ANR.VIR -> TrojanDownloader.Ani.c : Cleaned with backup C:\Program Files\AVPersonal\INFECTED\M11[1].JPG.VIR/y.bat -> Trojan.Zapchast : Cleaned with backup C:\Program Files\winupdates\a.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup ::Report End
fakeeoghan Posted November 8, 2005 And here's the HJT log for after the ewido scan: Logfile of HijackThis v1.99.1 Scan saved at 16:49:23, on 08/11/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss[Caution: ExecutableFile] C:\WINNT\system32\winlogon[Caution: ExecutableFile] C:\WINNT\system32\services[Caution: ExecutableFile] C:\WINNT\system32\lsass[Caution: ExecutableFile] C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile] C:\WINNT\system32\svchost[Caution: ExecutableFile] C:\WINNT\System32\svchost[Caution: ExecutableFile] C:\WINNT\system32\spoolsv[Caution: ExecutableFile] C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile] C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile] C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile] c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile] C:\WINNT\Explorer[Caution: ExecutableFile] C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile] C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile] C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile] C:\WINNT\System32\QCONSVC[Caution: ExecutableFile] C:\WINNT\system32\MSTask[Caution: ExecutableFile] C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile] C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile] C:\WINNT\System32\mspmspsv[Caution: ExecutableFile] C:\WINNT\system32\svchost[Caution: ExecutableFile] C:\WINNT\system32\tp4serv[Caution: ExecutableFile] C:\WINNT\system32\atiptaxx[Caution: ExecutableFile] C:\WINNT\LTSMMSG[Caution: ExecutableFile] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile] C:\WINNT\system32\PRPCUI[Caution: ExecutableFile] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile] 
C:\WINNT\AGRSMMSG[Caution: ExecutableFile] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile] C:\Program Files\QuickTime\qttask[Caution: ExecutableFile] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile] C:\WINNT\system32\internat[Caution: ExecutableFile] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile] C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile] C:\Program Files\a-squared\a2guard[Caution: ExecutableFile] C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile] C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile] C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile] C:\WINNT\system32\NOTEPAD[Caution: ExecutableFile] C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile] C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net; F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - 
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile] O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile] O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile] O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: ExecutableFile] /logon O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile] O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile] O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile] O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile] O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile] O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT O4 - HKLM\..\Run: [sountskmanager] sountaskmgr O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile] O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile] O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile] O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile] O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile] O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile] O4 - HKLM\..\Run: [iTunesHelper] 
"C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile] O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile] O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile] O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile] O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]" O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile] O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile] O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O12 - Plugin for .spop: C:\Program Files\Internet 
Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... 
der_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile] O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile] O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile] O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile] O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile] O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile] O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile] O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile] O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile] O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing) O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing) O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile] O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile] O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile] O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile] O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile] O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile] O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile] O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing) Link to comment Share on other sites More sharing options...
coltm4carbine Posted November 8, 2005

Your computer is a lot worse than I thought it would be... How long has this error message about your AV been popping up? If you disable "sountaskmgr or sountaskmgr[Caution: ExecutableFile]", does the error message still pop up? Surprisingly, the unidentified trojan/worm is still here... and I am sure it is bad, but I won't fix it in case I am wrong.

OK, another canned speech, this time for submitting a file; see if it comes back negative. I am a bit surprised that they still haven't found out the trojan/worm from the online scans. If you know it, tell me what it is, and if not, please can you also submit the following file to one of these online file scanners.

Be sure you're able to view hidden files, and find the following files/folders in bold (if found) and send them to the online scanner listed below:

sountaskmgr (most likely to be somewhere in the C:\WINDOWS\System32 folder, but I won't count on it.)

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete; please copy and paste those results in your next post. After that you will need to rehide the files.

See if it comes back with anything. Forget that link, it's not going to help if you use Symantec. McAfee only.
fakeeoghan Posted November 8, 2005 Author

I don't have a C:\WINDOWS\System32 but I do have C:\WINNT\System32. I checked that folder and there's no soundtaskmgr. Where else should I look or do I have to run a search on my whole computer?
coltm4carbine Posted November 8, 2005

Oops, I think I clicked on a bad link while looking at your first log. nvm. Yeh soz, I meant C:\WINNT\System32. OK, fix that O4 line too. It should come out bad anyway. I did want you to send it to webimmune to get it analyzed by hand but nvm, that's for McAfee users only (link I got anyway).

omfg I don't believe this... I forgot to press submit. Anyway, here's the reply from like half an hour ago.
fakeeoghan Posted November 8, 2005 Author

I'm sorry, what O4 line? And what about this soundtaskmgr thing? Do I forget that? Got to sleep now but I'll check back tomorrow.
Mercifull Posted November 9, 2005

Mmm, I think I'll leave the "expert" to carry on with this help thread then...

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
coltm4carbine Posted November 9, 2005

OK, can you post a new HijackThis log? If you disable sountaskmgr from the task manager (Ctrl+Alt+Delete), does the "AntiVirus (that's the title) No Viruses, Trojans or Spyware found! Status: OK" still appear?

:( I was gonna let Mercifull take over once I have sorted out the main infections - I will be on holiday soon and I won't have a PC. Besides, Mercifull will know a lot more than me.
fakeeoghan Posted November 10, 2005 Author

The message still appears and I cannot find that soundtaskmgr in the task manager's list of processes. Here's the new HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 17:43:46, on 10/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\2003\AUSTIN\Eoghan\runescape stuff\runescape[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"
O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)
O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)
O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)
coltm4carbine Posted November 10, 2005

> The message still appears and I cannot find that soundtaskmgr in the task manager's list of processes.

That's because it is sountaskmgr (<- notice the missing "d"). OK, no worries. Do you know what ECO-CEE.at.schneider-electric.com is?

Same canned speech as before. I don't know what you have been doing, but to me it's getting worse.

W32/Sober.r@MM mass-mailing worm - don't open attachments in email!!!
W32/Sdbot-ACG worm.

First try and update your computer - lots of vulnerabilities. After the update(s), can you do this (I know you have already done this but I am not convinced your computer is clean from viruses):

Please run an on-line virus scan at Kaspersky OnLine Scan, or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ If you are unable to run the ActiveX antivirus scanners, let's try this Java-based solution from Trend Micro.

After those scans (again), download this: Stinger. Run it. After all that, post back a new log.