Thread: Excessive Pop-ups

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default Excessive Pop-ups

    I got a virus through a messenger program, it caused a massive amount of pop-ups, and messages at start-up. I was able to clean most of it up, and get rid of the messages at start-up, but a few of the pop-ups still persist. I use Mozilla as my main browser, but a few show up in Internet Explorer as well. Any help on fully removing these would help, and any other problem area.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:52:11 PM, on 10/21/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\uipnr.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,fdwrduy.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
    O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
    O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

  2. #2
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    Please follow the instructions in this link to remove the Alcan Worm from your computer :-

    http://www.geekstogo.com/forum/How_t...rm-t98929.html

    THEN...

    Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Do not proceed with the rest of the fix if you fail to run combofix
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default

    I let both programs (Brute Force Uninstaller and Combofix) do their jobs, and here is what I came up with.

    First is the Combofix log-
    default - Sun 10/22/2006 14:39:25.54 Service Pack 4
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\default\Desktop"

    ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


    * * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


    O4 - HKCU\...\Run C:\WINNT\system32\eyyjsp.exe
    O4 - HKLM\...\Run C:\WINNT\system32\eyyjsp.exe
    F2 -REG:system.ini: Shell C:\WINNT\system32\uipnr.exe


    * * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


    C:\WINNT\system32\eyyjsp.exe
    C:\WINNT\system32\kgykjxk.dll
    C:\WINNT\system32\fdwrduy.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wglky.exe
    C:\WINNT\dtgqj.dll
    C:\WINNT\system32\kvnne.dat
    C:\WINNT\system32\uipnr.exe


    * * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


    06-10-21 21:20 127488 eyyjsp.exe.qoo
    06-10-21 20:11 127488 wglky.exe.qoo
    06-10-22 13:34 51712 kgykjxk.dll.qoo
    06-10-22 11:10 28672 uipnr.exe.qoo
    06-10-21 20:11 52 eeqooo.dat.qoo

    DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{3B773060-0774-1033-0421-040327030001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\WINNT\MBOLS~1
    C:\QooBox\Purity\WINNT\MBOLS~1\??mbols
    C:\QooBox\Purity\WINNT\MBOLS~1\??mbols\dohinst-103.0000


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


    2006-10-22 11:07 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
    2006-10-22 11:07 7,296 --a------ C:\WINNT\system32\drivers\pxcom.sys
    2006-10-22 11:07 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
    2006-10-22 11:07 264,832 --a------ C:\WINNT\system32\drivers\pxfsf.sys
    2006-10-22 11:07 18,304 --a------ C:\WINNT\system32\drivers\pxtdi.sys
    2006-10-22 11:07 13,568 --a------ C:\WINNT\system32\drivers\pxrd.sys
    2006-10-22 11:07 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
    2006-10-21 23:23 167,936 --a------ C:\WINNT\system32\SpoonUninstall.exe
    2006-10-21 22:07 40,960 --a------ C:\Look2Me-Destroyer.exe
    2006-10-21 20:37 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
    2006-10-21 20:13 2 --a------ C:\WINNT\system32\wnscptr.exe
    2006-10-21 20:13 126,976 --a------ C:\WINNT\system32\bfnedqlh.dll
    2006-10-21 20:12 918 --a------ C:\WINNT\system32\winpfg32.sys
    2006-10-21 20:11 505 --a------ C:\WINNT\dtgqj.dll
    2006-10-21 20:11 349,696 --a------ C:\921_135b.exe
    2006-10-21 20:11 183,478 --a------ C:\WINNT\srvitiynjg.exe
    2006-10-21 20:11 1,259 --a------ C:\WINNT\system32\hfj2dfc3.sys
    2006-10-21 20:10 32,768 --a------ C:\DXC9.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32drei.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\lkyaekrrr.exe
    2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\drei.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32vypqj.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\vypqj.exe
    2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\pi2pl.exe
    2006-10-21 20:10 200,704 --a------ C:\WINNT\system32\lqe2z.dll
    2006-10-21 20:10 160,256 --a------ C:\WINNT\system32\aybry.dll
    2006-10-21 20:10 10,479 --a------ C:\rorjxk.exe
    2006-10-21 20:10 1,465 --a------ C:\ilchoy.exe
    2006-10-21 20:10 0 --a------ C:\WINNT\system32uaw5wah6a.exe
    2006-10-21 20:09 76,800 --a------ C:\nckige.exe
    2006-10-21 20:09 75,776 --a------ C:\avoxqu.exe
    2006-10-21 20:09 45,056 --a------ C:\w77uxb8v9.exe
    2006-10-21 20:09 10,752 --a------ C:\WINNT\system32\MZU_DRV.sys
    2006-10-14 19:34 45,056 --a------ C:\WINNT\system32\WNASPI32.DLL
    2006-10-14 19:34 16,877 --a------ C:\WINNT\system32\drivers\ASPI32.SYS
    2006-10-14 18:55 82,432 --a------ C:\WINNT\system32\drmstor.dll
    2006-10-14 18:55 737,280 --a------ C:\WINNT\iun6002.exe
    2006-10-14 18:55 301,712 --a------ C:\WINNT\system32\drmclien.dll
    2006-10-12 17:42 243,472 --a------ C:\WINNT\scout.exe
    2006-09-22 08:38 53,248 --a------ C:\WINNT\109uninst.exe
    2006-09-22 08:36 53,248 --a------ C:\WINNT\uni_7eh.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-22 14:41 -------- d-------- C:\Program Files\Prevx1
    2006-10-22 14:39 -------- d-a------ C:\Program Files\Common Files
    2006-10-22 13:46 -------- d-------- C:\Program Files\PSDream
    2006-10-22 11:07 -------- d-------- C:\Documents and Settings\default\Application Data\Prevx
    2006-10-21 21:27 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2006-10-21 21:14 -------- d-------- C:\Program Files\Common Files\uiwr
    2006-10-21 21:04 -------- d-------- C:\Documents and Settings\default\Application Data\Lavasoft
    2006-10-14 19:34 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
    2006-10-14 19:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-10-14 18:55 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-09 18:02 -------- d---s---- C:\Documents and Settings\default\Application Data\Microsoft
    2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
    2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
    2006-09-05 22:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
    2006-08-30 20:31 8413 --a------ C:\WINNT\system32\drivers\mcstrm.sys
    2006-08-29 21:41 -------- d-------- C:\Documents and Settings\default\Application Data\River Past G2
    2006-08-29 21:33 -------- d-------- C:\Documents and Settings\default\Application Data\Real
    2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\Real
    2006-08-28 05:03 529680 --a------ C:\WINNT\system32\comctl32.dll
    2006-08-25 22:56 -------- d-------- C:\Program Files\Opera
    2006-08-25 22:56 -------- d-------- C:\Documents and Settings\default\Application Data\Opera
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft.NET
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft Office
    2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\System
    2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
    2006-08-07 09:17 61440 --a------ C:\WINNT\system32\BattyRun2.dll
    2006-08-04 09:37 73728 --a------ C:\WINNT\system32\dpl100.dll
    2006-08-04 09:37 196608 --a------ C:\WINNT\system32\dtu100.dll
    2006-07-26 20:05 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
    2006-07-26 20:05 109568 --------- C:\WINNT\system32\pxinsi64.exe
    2006-07-26 20:05 108544 --------- C:\WINNT\system32\pxcpyi64.exe
    2006-07-24 23:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
    2006-07-06 22:50 271 ---h----- C:\Program Files\desktop.ini
    2006-07-06 22:50 21952 ---h----- C:\Program Files\folder.htt


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "_mzu_stonedrv8"="c:\\winnt\\system32\\_mzu_stonedrv8.exe"
    "Hand"="\"C:\\WINNT\\MBOLS~1\\spool32.exe\" -vt yazb"
    "uiwr"="C:\\PROGRA~1\\COMMON~1\\uiwr\\uiwrm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "TI WLAN"="C:\\Program Files\\Wirelwss LAN Utility\\TIWLANCu.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
    "EnvyHFCPL"="C:\\Program Files\\Turtle Beach Catalina\\EnMixCPL.exe"
    "Gnetmous"="C:\\Program Files\\COMPAQ\\Scroll Mouse\\gnetmous.exe"
    "projselector"="\"C:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
    "RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
    "SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\common\\swtrayv4.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "PNAgent"="\"E:\\Program Files\\PhatNoise Media Manager\\PNAgent.exe\""
    "ntdll.dll"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
    "ms05691299766"="C:\\WINNT\\ms05691299766.exe"
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000003
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,c0
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095
    "CDRAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "DCOM Server 2236"="{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"
    "mwvjYaBCBcRn"="{3B773061-91DD-9ACB-B7FC-719267519B02}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: Sun 2006-10-22 14:41:39.92
    C:\ComboFix.txt ... 06-10-22 14:41

    Second, a new HiJackThis log-
    Logfile of HijackThis v1.99.1
    Scan saved at 2:46:13 PM, on 10/22/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

    Thanks much for your help!

  4. #4
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    You are not helping by installing new programs whilst we are trying to clean your computer...

    Your log looks much better, but there is still more to do....

    Disconnect from the internet. Close ALL browser windows (including this one), run hijackthis and tick to fix (check the box next to) the list below. When all are ticked (checked), click the Fix Checked button at the bottom:

    O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe

    O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
    O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
    O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe

    O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
    O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)


    Reboot...

    Please download Panda ActiveScan :-

    http://www.pandasoftware.com/products/activescan.htm

    1. click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it to...

    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

    9. When download is complete, click on My Computer to start the scan

    When the scan completes, if anything malicious is detected...

    10. click the See Report button,
    11. then Save Report and save it to a convenient location.

    Post the ActiveScan report...

    & a new hijackthis log...


    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
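A triage sketch for the kind of startup entries picked out in the fix list above, as an added example that is not part of the original posts and is neither HijackThis's nor the helper's own logic. The four heuristics (extra programs on the Shell/UserInit line, a Run value named like a file, a Run target in a Temp directory or duplicating another value's command line, an O21 entry with no file) are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (excerpt).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\uipnr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,fdwrduy.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s*-\s*(.+?)\s*$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
F2 = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.+)$", re.I)
# Assumption: the only program expected on each of these two values.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def basename(path):
    """Lower-cased file name of a Windows path, quotes removed."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def check_f2(detail):
    """Shell/UserInit should name one program; anything extra also starts at logon."""
    m = F2.match(detail)
    if not m:
        return []
    key, value = m.groups()
    extra = [p.strip() for p in value.split(",")
             if p.strip() and basename(p) != EXPECTED[key.lower()]]
    return [f"{key} also launches: {', '.join(extra)}"] if extra else []


def check_o4(detail, seen):
    """Run-key heuristics; `seen` maps (hive, command) to the first value name."""
    m = RUN.match(detail)
    if not m:
        return []
    hive, name, cmd = m.groups()
    reasons = []
    if re.search(r"\.(dll|exe|sys)$", name, re.I):
        reasons.append(f"value name '{name}' imitates a file name")
    if re.search(r"\\temp\\", cmd, re.I):
        reasons.append("program starts from a Temp directory")
    first = seen.setdefault((hive, cmd.lower()), name)
    if first != name:
        reasons.append(f"same command line as value '{first}'")
    return reasons


def check_o21(detail):
    """A delay-load entry whose file is gone is a leftover registration."""
    m = re.search(r"\((no file|file missing)\)$", detail)
    return [f"SSODL entry reported as '{m.group(1)}'"] if m else []


def triage(log_text):
    """Return [(log line, [reasons])] for entries that deserve a closer look."""
    findings, seen = [], {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # headers, running-process paths, blank lines
        code, detail = m.groups()
        if code == "F2":
            reasons = check_f2(detail)
        elif code == "O4":
            reasons = check_o4(detail, seen)
        elif code == "O21":
            reasons = check_o21(detail)
        else:
            reasons = []
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

These checks only shortlist lines for review: they do not flag every entry in the fix list above, and a hit is not proof that an entry is malicious.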

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    scout90?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    Default

    Done, and done! Sorry for the delay, been away from home the last week.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:23:32 PM, on 10/29/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\PhatNoise Media Manager\PNAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Media Center\Media Jukebox.exe
    D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152303970296
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

  7. #7
    Junior Member
    Join Date
    Oct 2006
    Posts
    8

    And the ActiveScan report.

    Incident Status Location

    Adware:Adware/DollarRevenue Not disinfected C:\avoxqu.exe
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fastclick.net/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atwola.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adtech.de/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.club.cdfreaks.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.com.com/]
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.findwhat.com/]
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fortunecity.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.revenue.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Cookies\default@2o7[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@drivecleaner[2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@stats.drivecleaner[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@www.drivecleaner[2].txt
    Adware:Adware/DeluxeComunications Not disinfected C:\DXC9.exe
    Adware:Adware/Ourxin Not disinfected C:\ilchoy.exe
    Adware:Adware/DollarRevenue Not disinfected C:\nckige.exe
    Adware:Adware/CWS Not disinfected C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080302\drv.exe
    Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Y1324OA.exe
    Adware:Adware/Qoologic Not disinfected C:\QooBox\eyyjsp.exe.qoo
    Adware:Adware/Qoologic Not disinfected C:\QooBox\kgykjxk.dll.qoo
    Virus:Trj/Qoologic.J Disinfected C:\QooBox\uipnr.exe.qoo
    Adware:Adware/Qoologic Not disinfected C:\QooBox\wglky.exe.qoo
    Virus:Trj/Downloader.KZA Disinfected C:\rorjxk.exe
    Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvitiynjg.exe
    Adware:Adware/NewAds Not disinfected C:\WINNT\system32\BattyRun2.dll
    Possible Virus. Not disinfected C:\WINNT\system32\bfnedqlh.dll
    Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20061021-224931.backup
    Adware:Adware/CommAd Not disinfected C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs
    Adware:Adware/Trymedia Not disinfected D:\My Documents\Downloads\18wosHaulin\18WheelsHaulin-dm.exe
