
Thread: Excessive Pop-ups

    #1 - Junior Member (Join Date: Oct 2006, Posts: 8)

    Excessive Pop-ups

    I got a virus through a messenger program; it caused a massive amount of pop-ups, and messages at start-up. I was able to clean most of it up and get rid of the messages at start-up, but a few of the pop-ups still persist. I use Mozilla as my main browser, but a few show up in Internet Explorer as well. Any help on fully removing these, or any other problem area, would help.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:52:11 PM, on 10/21/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\uipnr.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,fdwrduy.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
    O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

    #2 - steamwiz, Security Expert-Emeritus (Join Date: Dec 2005, Location: Yorkshire, U.K., Posts: 1,326)

    Hi

    Please follow the instructions in this link to remove the Alcan Worm from your computer :-

    http://www.geekstogo.com/forum/How_t...rm-t98929.html

    THEN...

    Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.
    * Do not proceed with the rest of the fix if you fail to run ComboFix.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect ComboFix as Worm.Qiv.100.

    steam
    MICROSOFT MVP - Security 2004/9 - member of ASAP since 2004 - member of U.N.I.T.E

    #3 - Junior Member (Join Date: Oct 2006, Posts: 8)

    I let both programs (Brute Force Uninstaller and Combofix) do their jobs, and here is what I came up with.

    First is the ComboFix log:
    default - Sun 10/22/2006 14:39:25.54 Service Pack 4
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\default\Desktop"

    ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


    * * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


    O4 - HKCU\...\Run C:\WINNT\system32\eyyjsp.exe
    O4 - HKLM\...\Run C:\WINNT\system32\eyyjsp.exe
    F2 -REG:system.ini: Shell C:\WINNT\system32\uipnr.exe


    * * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


    C:\WINNT\system32\eyyjsp.exe
    C:\WINNT\system32\kgykjxk.dll
    C:\WINNT\system32\fdwrduy.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wglky.exe
    C:\WINNT\dtgqj.dll
    C:\WINNT\system32\kvnne.dat
    C:\WINNT\system32\uipnr.exe


    * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


    06-10-21 21:20 127488 eyyjsp.exe.qoo
    06-10-21 20:11 127488 wglky.exe.qoo
    06-10-22 13:34 51712 kgykjxk.dll.qoo
    06-10-22 11:10 28672 uipnr.exe.qoo
    06-10-21 20:11 52 eeqooo.dat.qoo

    DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{3B773060-0774-1033-0421-040327030001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\WINNT\MBOLS~1
    C:\QooBox\Purity\WINNT\MBOLS~1\??mbols
    C:\QooBox\Purity\WINNT\MBOLS~1\??mbols\dohinst-103.0000


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


    2006-10-22 11:07 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
    2006-10-22 11:07 7,296 --a------ C:\WINNT\system32\drivers\pxcom.sys
    2006-10-22 11:07 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
    2006-10-22 11:07 264,832 --a------ C:\WINNT\system32\drivers\pxfsf.sys
    2006-10-22 11:07 18,304 --a------ C:\WINNT\system32\drivers\pxtdi.sys
    2006-10-22 11:07 13,568 --a------ C:\WINNT\system32\drivers\pxrd.sys
    2006-10-22 11:07 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
    2006-10-21 23:23 167,936 --a------ C:\WINNT\system32\SpoonUninstall.exe
    2006-10-21 22:07 40,960 --a------ C:\Look2Me-Destroyer.exe
    2006-10-21 20:37 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
    2006-10-21 20:13 2 --a------ C:\WINNT\system32\wnscptr.exe
    2006-10-21 20:13 126,976 --a------ C:\WINNT\system32\bfnedqlh.dll
    2006-10-21 20:12 918 --a------ C:\WINNT\system32\winpfg32.sys
    2006-10-21 20:11 505 --a------ C:\WINNT\dtgqj.dll
    2006-10-21 20:11 349,696 --a------ C:\921_135b.exe
    2006-10-21 20:11 183,478 --a------ C:\WINNT\srvitiynjg.exe
    2006-10-21 20:11 1,259 --a------ C:\WINNT\system32\hfj2dfc3.sys
    2006-10-21 20:10 32,768 --a------ C:\DXC9.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32drei.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\lkyaekrrr.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\drei.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32vypqj.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\vypqj.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\pi2pl.exe
    2006-10-21 20:10 200,704 --a------ C:\WINNT\system32\lqe2z.dll
    2006-10-21 20:10 160,256 --a------ C:\WINNT\system32\aybry.dll
    2006-10-21 20:10 10,479 --a------ C:\rorjxk.exe
    2006-10-21 20:10 1,465 --a------ C:\ilchoy.exe
    2006-10-21 20:10 0 --a------ C:\WINNT\system32uaw5wah6a.exe
    2006-10-21 20:09 76,800 --a------ C:\nckige.exe
    2006-10-21 20:09 75,776 --a------ C:\avoxqu.exe
    2006-10-21 20:09 45,056 --a------ C:\w77uxb8v9.exe
    2006-10-21 20:09 10,752 --a------ C:\WINNT\system32\MZU_DRV.sys
    2006-10-14 19:34 45,056 --a------ C:\WINNT\system32\WNASPI32.DLL
    2006-10-14 19:34 16,877 --a------ C:\WINNT\system32\drivers\ASPI32.SYS
    2006-10-14 18:55 82,432 --a------ C:\WINNT\system32\drmstor.dll
    2006-10-14 18:55 737,280 --a------ C:\WINNT\iun6002.exe
    2006-10-14 18:55 301,712 --a------ C:\WINNT\system32\drmclien.dll
    2006-10-12 17:42 243,472 --a------ C:\WINNT\scout.exe
    2006-09-22 08:38 53,248 --a------ C:\WINNT\109uninst.exe
    2006-09-22 08:36 53,248 --a------ C:\WINNT\uni_7eh.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-22 14:41 -------- d-------- C:\Program Files\Prevx1
    2006-10-22 14:39 -------- d-a------ C:\Program Files\Common Files
    2006-10-22 13:46 -------- d-------- C:\Program Files\PSDream
    2006-10-22 11:07 -------- d-------- C:\Documents and Settings\default\Application Data\Prevx
    2006-10-21 21:27 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2006-10-21 21:14 -------- d-------- C:\Program Files\Common Files\uiwr
    2006-10-21 21:04 -------- d-------- C:\Documents and Settings\default\Application Data\Lavasoft
    2006-10-14 19:34 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
    2006-10-14 19:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-10-14 18:55 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-09 18:02 -------- d---s---- C:\Documents and Settings\default\Application Data\Microsoft
    2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
    2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
    2006-09-05 22:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
    2006-08-30 20:31 8413 --a------ C:\WINNT\system32\drivers\mcstrm.sys
    2006-08-29 21:41 -------- d-------- C:\Documents and Settings\default\Application Data\River Past G2
    2006-08-29 21:33 -------- d-------- C:\Documents and Settings\default\Application Data\Real
    2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\Real
    2006-08-28 05:03 529680 --a------ C:\WINNT\system32\comctl32.dll
    2006-08-25 22:56 -------- d-------- C:\Program Files\Opera
    2006-08-25 22:56 -------- d-------- C:\Documents and Settings\default\Application Data\Opera
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft.NET
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft Office
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\System
    2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
    2006-08-07 09:17 61440 --a------ C:\WINNT\system32\BattyRun2.dll
    2006-08-04 09:37 73728 --a------ C:\WINNT\system32\dpl100.dll
    2006-08-04 09:37 196608 --a------ C:\WINNT\system32\dtu100.dll
    2006-07-26 20:05 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
    2006-07-26 20:05 109568 --------- C:\WINNT\system32\pxinsi64.exe
    2006-07-26 20:05 108544 --------- C:\WINNT\system32\pxcpyi64.exe
    2006-07-24 23:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
    2006-07-06 22:50 271 ---h----- C:\Program Files\desktop.ini
    2006-07-06 22:50 21952 ---h----- C:\Program Files\folder.htt


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "_mzu_stonedrv8"="c:\\winnt\\system32\\_mzu_stonedrv8.exe"
    "Hand"="\"C:\\WINNT\\MBOLS~1\\spool32.exe\" -vt yazb"
    "uiwr"="C:\\PROGRA~1\\COMMON~1\\uiwr\\uiwrm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "TI WLAN"="C:\\Program Files\\Wirelwss LAN Utility\\TIWLANCu.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
    "EnvyHFCPL"="C:\\Program Files\\Turtle Beach Catalina\\EnMixCPL.exe"
    "Gnetmous"="C:\\Program Files\\COMPAQ\\Scroll Mouse\\gnetmous.exe"
    "projselector"="\"C:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
    "RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
    "SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\common\\swtrayv4.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "PNAgent"="\"E:\\Program Files\\PhatNoise Media Manager\\PNAgent.exe\""
    "ntdll.dll"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
    "ms05691299766"="C:\\WINNT\\ms05691299766.exe"
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000003
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,c0
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095
    "CDRAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "DCOM Server 2236"="{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"
    "mwvjYaBCBcRn"="{3B773061-91DD-9ACB-B7FC-719267519B02}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: Sun 2006-10-22 14:41:39.92
    C:\ComboFix.txt ... 06-10-22 14:41

    Second, a new HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:46:13 PM, on 10/22/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

    Thanks much for your help!

    #4 - steamwiz, Security Expert-Emeritus (Join Date: Dec 2005, Location: Yorkshire, U.K., Posts: 1,326)

    Hi

    You are not helping by installing new programs whilst we are trying to clean your computer...

    Your log looks much better, but there is still more to do....

    Disconnect from the internet. Close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the list below. When all are ticked (checked), click the Fix Checked button at the bottom :-

    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe

    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe

    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)


    Reboot...

    Please download Panda ActiveScan :-

    http://www.pandasoftware.com/products/activescan.htm

    1. click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it to...

    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

    9. When download is complete, click on My Computer to start the scan

    When the scan completes, if anything malicious is detected...

    10. click the See Report button,
    11. then Save Report and save it to a convenient location.

    Post the ActiveScan report...

    & a new hijackthis log...


    steam
    MICROSOFT MVP - Security 2004/9 - member of ASAP since 2004 - member of U.N.I.T.E
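Added example, not steamwiz's method or any tool from this thread: a small Python triage that parses the O4 and O21 lines from the HijackThis logs above and attaches the mechanical red flags behind the fix list (orphaned load point, value name that mimics a system file, executable sitting in the Windows root or a Temp folder, 8.3 short-named folder under the Windows directory, random-looking name). The rule names and thresholds are my own assumptions; they pick out five of the seven entries listed, and the two they miss (_mzu_stonedrv8 and uiwr) only stand out against the ComboFix creation dates above, where MZU_DRV.sys and the Common Files\uiwr folder both appear on 2006-10-21.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4/O21 lines copied from the HijackThis logs posted in this
# thread (posts #1 and #3), plus one O23 line to show that other types are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
WINDOWS_DIRS = {"WINNT", "WINDOWS"}


@dataclass
class LoadPoint:
    kind: str                 # "O4" (Run value) or "O21" (ShellServiceObjectDelayLoad)
    name: str                 # registry value name / SSODL display name
    path: str                 # program or DLL path; "" when HijackThis reports no file
    missing: bool             # HijackThis marked the target "(no file)" / "(file missing)"
    reasons: List[str] = field(default_factory=list)


def _exe_path(command: str) -> str:
    """Pull the program path out of a Run value: a quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_line(line: str) -> Optional[LoadPoint]:
    """Return a LoadPoint for an O4 or O21 line, None for every other HijackThis line."""
    m = O4_RE.match(line)
    if m:
        return LoadPoint("O4", m["name"], _exe_path(m["cmd"]), False)
    m = O21_RE.match(line)
    if m:
        target = m["target"].strip()
        missing = target.endswith(MISSING_MARKERS)
        for marker in MISSING_MARKERS:
            target = target.replace(marker, "").strip()
        return LoadPoint("O21", m["name"], target, missing)
    return None


def _random_looking(name: str) -> bool:
    """Four or more consecutive lowercase consonants ('mwvj', 'ntdll'); vendor
    abbreviations such as NvCplDaemon break the run with capitals and pass."""
    run = best = 0
    for ch in name:
        if ch.islower() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= 4


def triage(entry: LoadPoint) -> LoadPoint:
    """Attach a reason for each red flag. These rules are assumptions of this example."""
    parts = entry.path.split("\\") if entry.path else []
    in_windir = len(parts) > 2 and parts[1].upper() in WINDOWS_DIRS
    if entry.missing:
        entry.reasons.append("load point left behind: target file missing")
    if re.search(r"\.(dll|exe|sys)$", entry.name, re.IGNORECASE):
        entry.reasons.append("value name impersonates a system file")
    if in_windir and len(parts) == 3:
        entry.reasons.append("executable dropped directly in the Windows directory")
    if any(p.lower() == "temp" for p in parts[:-1]):
        entry.reasons.append("runs from a Temp folder")
    if in_windir and len(parts) > 3 and re.fullmatch(r"[^\\]{1,6}~\d+", parts[2]):
        entry.reasons.append("8.3 short-named folder directly under the Windows directory")
    if _random_looking(entry.name):
        entry.reasons.append("random-looking value name")
    return entry


def triage_log(text: str) -> List[LoadPoint]:
    """Parse every O4/O21 line and return only the entries that earned at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.path or '(no file)'}")
        for r in e.reasons:
            print(f"    - {r}")
```

The rules are deliberately conservative so that vendor entries such as NvCplDaemon, iTunesHelper and the genuine QuickTime Task value are left alone.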

    #5 - tashi, Member of Team Spybot (Join Date: Oct 2005, Location: USA, Posts: 32,726)

    scout90?
    Microsoft MVP. Consumer Security 2006-2014


    #6 - Junior Member (Join Date: Oct 2006, Posts: 8)

    Done, and done! Sorry for the delay, been away from home the last week.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:23:32 PM, on 10/29/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Media Center\Media Jukebox.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

  7. #7
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default

    And the ActiveScan report.

    Incident Status Location

    Adware:Adware/DollarRevenue Not disinfected C:\avoxqu.exe
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fastclick.net/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atwola.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adtech.de/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.club.cdfreaks.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.com.com/]
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.findwhat.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.revenue.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Cookies\default@2o7[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@drivecleaner[2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@stats.drivecleaner[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@www.drivecleaner[2].txt
    Adware:Adware/DeluxeComunications Not disinfected C:\DXC9.exe
    Adware:Adware/Ourxin Not disinfected C:\ilchoy.exe
    Adware:Adware/DollarRevenue Not disinfected C:\nckige.exe
    Adware:Adware/CWS Not disinfected C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080302\drv.exe
    Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Y1324OA.exe
    Adware:Adware/Qoologic Not disinfected C:\QooBox\eyyjsp.exe.qoo
    Adware:Adware/Qoologic Not disinfected C:\QooBox\kgykjxk.dll.qoo
    Virus:Trj/Qoologic.J Disinfected C:\QooBox\uipnr.exe.qoo
    Adware:Adware/Qoologic Not disinfected C:\QooBox\wglky.exe.qoo
    Virus:Trj/Downloader.KZA Disinfected C:\rorjxk.exe
    Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvitiynjg.exe
    Adware:Adware/NewAds Not disinfected C:\WINNT\system32\BattyRun2.dll
    Possible Virus. Not disinfected C:\WINNT\system32\bfnedqlh.dll
    Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20061021-224931.backup
    Adware:Adware/CommAd Not disinfected C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs
    Adware:Adware/Trymedia Not disinfected D:\My Documents\Downloads\18wosHaulin\18WheelsHaulin-dm.exe

  8. #8
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,326

    Default

    Download and install the 30 day trial of Ewido Anti-Spyware from HERE :-

    Ewido is now called - AVG Anti-Spyware 7.5

    http://www.ewido.net/en/download/

    1. Download it to your desktop
    2. Double-click the ewido icon to start the ewido setup process...
    3. Update the definition files...
    Click the Update icon, then select the Update now link...
    Select the Start Update button; the update will start and a progress bar will show the updates being installed.
    4. Select the Scanner icon at the top of the screen, then select the Settings tab
    Click on Recommended actions and then select Quarantine
    5. Under Reports...
    Select Automatically generate report after every scan
    Un-select Only if threats were found
    6. Close Ewido > Do not run the scan yet.

    Boot your computer into Safemode

    1. Go to Start > Shut Off your Computer > Restart
    2. As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
    3. Use the Up and Down arrow keys to scroll up to SAFEMODE
    4. Then press Enter on your keyboard

    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

    1. Launch Ewido Anti-Spyware by double-clicking the icon on your desktop.
    2. Select the Scanner icon at the top, then the Scan tab, then click on Complete System Scan.
    3. Ewido will now begin the scanning process; be patient, this may take a little time.
    4. Once the scan is complete, do the following:
    5. If you have any infections you will be prompted; then select Apply all actions
    6. Next, select the Reports icon at the top.
    7. Select the Save report as button in the lower left-hand corner of the screen and save it to a text file on your system
    8. Make sure to remember where you saved that file; this is important
    9. Close Ewido
    10. Copy & paste the ewido report in your next post

    steam
    MICROSOFT MVP - Security 2004/9 . Member of ASAP since 2004 - Member of U.N.I.T.E

  9. #9
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default

    Done, and here is the report.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:23:10 PM 10/30/2006

    + Scan result:



    C:\WINNT\system32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Program Files\PSDream\PSDream.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINNT\Temp\ASHeuristic\bfnedqlh_dll.vir -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINNT\system32\bfnedqlh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\DXC9.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\18wosHaulin\18WheelsHaulin-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    D:\My Documents\Line Rider\photo656.pif -> Backdoor.MSNMaker.w : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080302\drv.exe -> Downloader.Adload.hd : Cleaned with backup (quarantined).
    C:\w77uxb8v9.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\QooBox\eyyjsp.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\QooBox\kgykjxk.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\QooBox\wglky.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
    C:\ilchoy.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\uiwr\uiwrd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\avoxqu.exe -> Hijacker.Costrat.e : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    D:\RECYCLER\S-1-5-21-343818398-287218729-839522115-1000\Dd10\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    E:\Program Files\Media Center\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
    C:\WINNT\system32\MZU_DRV.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.105:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.106:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.107:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.108:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.109:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.110:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.111:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.112:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.113:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.114:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.115:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.116:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.117:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.118:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.119:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.120:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.121:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.122:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.123:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\default\Cookies\default@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.86:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.87:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
    :mozilla.220:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\default\Cookies\default@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.221:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.222:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.56:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.57:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.58:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.59:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.60:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.55:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.83:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
    :mozilla.85:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.88:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.89:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.235:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.236:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.237:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.238:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.239:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.31:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.247:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.72:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.73:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.74:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.75:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.250:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
    :mozilla.84:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
    C:\Documents and Settings\default\Cookies\default@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.61:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.65:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.52:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.53:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.54:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.78:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.79:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.80:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.81:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.82:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\default\Cookies\default@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.217:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.218:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.219:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.184:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.185:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.160:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.161:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.32:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.33:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.38:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.39:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.66:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.68:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.69:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.70:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.275:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.136:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.137:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.138:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\J. River MEDIA CENTER 10.0.155 .rar/jrmc10110.rar/backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch2.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch3.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch4.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch5.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch6.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\jrmc10110.rar/backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
    C:\WINNT\system32\pi2pl.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINNT\system32\vypqj.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINNT\system32vypqj.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\nckige.exe -> Trojan.Sinowal.bg : Cleaned with backup (quarantined).
    C:\WINNT\109uninst.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINNT\uni_7eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


    ::Report end

  10. #10
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default

    And a new HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:30:45 PM, on 10/30/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\WINNT\system32\NOTEPAD.EXE
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
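    Two HijackThis logs nine days apart are easiest to compare by section rather than by eye. The following Python script is an added example for this thread (it is not code from HijackThis, AVG Anti-Spyware or the forum's helpers): it parses the `Rn`/`On` entry lines of both logs posted above, reports what the cleanup added or removed, and counts which hosts the R0 browser-setting entries still point at. The embedded logs are excerpts of the two logs in this thread; the function names are this example's own.

```python
"""Parse and diff two HijackThis (HJT) 1.99.1 logs, section by section.

Added example for this thread, not part of HijackThis, AVG Anti-Spyware or
the forum's own tooling. LOG_BEFORE and LOG_AFTER are excerpts of the two
logs posted above (scans of 10/21/2006 and 10/30/2006).
"""
import re
from urllib.parse import urlparse

# Excerpt of the first HJT log in the thread (before the AVG Anti-Spyware run).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
"""

# Excerpt of the second HJT log in the thread (after the AVG Anti-Spyware run).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
"""

# An HJT entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# HJT prints R entries, then F entries, then O entries.
SECTION_ORDER = {"R": 0, "F": 1, "O": 2}


def section_key(section):
    """Sort key that keeps HJT's own order: R0.. then F0.. then O2, O4, ... O23."""
    return (SECTION_ORDER[section[0]], int(section[1:]))


def parse_hjt(text):
    """Return {section: [body, ...]} for every entry line in an HJT log.
    Header lines and the bare paths under 'Running processes:' have no
    section prefix and are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m["section"], []).append(m["body"])
    return entries


def diff_hjt(before, after):
    """Compare two parsed logs. Returns, per section, the entries that were
    added, removed, or left unchanged between the scans, in log order."""
    result = {}
    for section in sorted(set(before) | set(after), key=section_key):
        b, a = before.get(section, []), after.get(section, [])
        result[section] = {
            "added": [x for x in a if x not in b],
            "removed": [x for x in b if x not in a],
            "unchanged": [x for x in b if x in a],
        }
    return result


def r0_hosts(entries):
    """Count, per host, the URLs that the R0 browser-setting entries point at.
    R0 bodies look like 'HKLM\\...\\Search,SearchAssistant = http://host/path'."""
    counts = {}
    for body in entries.get("R0", []):
        _, _, url = body.partition(" = ")
        host = urlparse(url.strip()).hostname
        if host:
            counts[host] = counts.get(host, 0) + 1
    return counts


def report(before_text, after_text):
    """Human-readable summary: '+'/'-' lines for the diff, then the R0 hosts."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    lines = []
    for section, d in diff_hjt(before, after).items():
        lines.extend(f"+ {section} {body}" for body in d["added"])
        lines.extend(f"- {section} {body}" for body in d["removed"])
    hosts = r0_hosts(after)
    lines.append("R0 entries in the second log point at: "
                 + ", ".join(f"{h} (x{n})" for h, n in sorted(hosts.items())))
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)))
```

    On the excerpts above the diff shows only the two AVG Anti-Spyware entries (an O4 Run value and an O23 service) as additions, while all three R0 entries are unchanged, two of them still pointing IE's search settings at www.eyeseek.com.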
