Can't Run Hijack This!!!! Help!!!

  1. #1
    Cobie (Full Member)


    I was doing just a random search on google and must have come across a bad page because all of a sudden a dialog box popped up saying that I had a spyware infection. Then a red circle containing a white X showed up in my task bar and would pop out a message saying that I had the spyware infection and to click on that circle to remove all spyware. I did not click on it though because I was unsure of what it was.
    It also took over my desktop page. It now has a blue background with a black dialog box and said in BOLD RED LETTERS - Spyware infection and again to click and remove all spyware.
    It has taken over my address start up page from google.ca to about:blank and will not let me change it back for good.

    I keep trying to change the picture on my background but it will not let me change that as well.
    I have done everything your site has said. I already had spybot and ad aware downloaded so I ran them both and removed everything it showed. Then I tried to run Hijack this but it will not allow me to even run it. It says that it is not a valid Win32 application.

    My computer is now REALLY slow and takes at least 7 minutes from when I reboot the computer to even show the icons on the desktop.

    Please help me and let me know how to fix these problems and remove everything that is on here. This laptop is only 3 months old.
    Thanks again
    Cobie

  2. #2
    Cobie (Full Member)
    Just an update


    I downloaded hijackthis again and ran it. Here is the log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:10:01 PM, on 17/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\windows\system32\rrdsrego.exe
    C:\WINDOWS\system32\rwinssaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Cobie\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.messenger.msn.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [{F9-96-64-48-ZN}] C:\windows\system32\rrdsrego.exe DRCA02
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinssaw.exe DRCA02
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinssaw.exe
    O4 - Startup: Z_Start.lnk = C:\inst_drca02.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presar io&pf=laptop
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

  3. #3
    VopThis (Senior Member, Canada)
    Can you get into SAFE MODE upon reboot (at the beep start tapping the F8 key) to run HijackThis?


    If you can, fix the following line items in HJT as follows. Otherwise, try deleting the files listed later below:


    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [{F9-96-64-48-ZN}] C:\windows\system32\rrdsrego.exe DRCA02
    O4 - HKLM\..\Run: [BROWSERUPDATESCHED] C:\WINDOWS\system32\rwinssaw.exe DRCA02
    O4 - HKCU\..\Run: [SHELL] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinssaw.exe
    O4 - Startup: Z_Start.lnk = C:\inst_drca02.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    (if not already in SAFE MODE)
    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:
    C:\windows\system32\rrdsrego.exe
    C:\WINDOWS\system32\rwinssaw.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
    C:\inst_drca02.exe





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

  4. #4
    Cobie (Full Member)
    Update!!
    New Hijackthis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:47:19 PM, on 18/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Documents and Settings\Cobie\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.messenger.msn.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presar io&pf=laptop
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

  5. #5
    VopThis (Senior Member, Canada)
    Limewire is a particularly risky application profile. You are always one potential download from serious infection. Keep that in mind - be very diligent with all security related procedures and/or consider dropping that application.


    Fix the following additional items in HJT:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R3 - Default URLSearchHook is missing



    Delete file:
    c:\secure32.html (in SAFE MODE, if necessary)



    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


    REBOOT.


    Run the following anti-virus/malware tools:

    Get the stinger here:
    http://vil.nai.com/vil/stinger/

    Download it to another computer if need be, and bring it to the affected computer on floppy disk.

    It will kill the top 40 virus files if any are found there


    Then,

    Run these two online virus/malware scanners (Trendmicro Housecall, Panda Activescan) following these instructions below:
    http://forums.thatcomputerguy.us/ind...showtopic=5122

    Let them fix what they can. Reboot between scans.

    Take note of any FILES that couldn't be deleted. Post any undeletable items and any available LOGS back here (IMPORTANT FEEDBACK) AND go after such FILES yourself if you want (preferably in SAFE MODE - reboot tapping the F8 key).

    These scans will take more than an hour to complete, so make sure you have time to let them run all the way through.
    (let us know if any files couldn't be deleted/cleaned.)


    Reboot
    Post a new HJT log with any detailed feedback from the scans. How are things now behaving: any new or remaining apparent issues?
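
An added example, not part of the thread and not code from HijackThis: a small Python script that parses the `R`/`O` entry lines of two HijackThis logs and reports which entries were removed, added or changed between scans, plus which items from a fix list are still present. The sample text is excerpted from the logs in posts #2 and #4 and the fix list in post #3; the function names are this example's own.

```python
import re

# An entry line looks like "O4 - HKLM\..\Run: [name] path" or "R1 - key,value = data".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def _split(line):
    """Return (code, key, value, body) for an entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines and the "Running processes" paths end up here
    code, body = m.groups()
    # R-lines carry "registry value = data"; every other section is compared whole.
    if code.startswith("R") and " = " in body:
        key, value = body.split(" = ", 1)
    else:
        key, value = body, ""
    # Keys are casefolded: the helper retyped [BrowserUpdateSched] in upper case.
    return code, key.casefold(), value, body


def parse_entries(log_text):
    """Map (code, key) -> (value, original body) for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        parts = _split(line)
        if parts:
            code, key, value, body = parts
            entries[(code, key)] = (value, f"{code} - {body}")
    return entries


def diff_logs(before_text, after_text):
    """Compare two scans of the same machine."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before[k][1] for k in before.keys() - after.keys()),
        "added": sorted(after[k][1] for k in after.keys() - before.keys()),
        "changed": sorted(
            (before[k][1], after[k][1])
            for k in before.keys() & after.keys()
            if before[k][0] != after[k][0]
        ),
    }


def still_present(fix_items, log_text):
    """Return the fix-list lines whose entry still appears in the given log."""
    entries = parse_entries(log_text)
    leftovers = []
    for item in fix_items:
        parts = _split(item)
        if parts and (parts[0], parts[1]) in entries:
            leftovers.append(item)
    return leftovers


# Excerpt of the log in post #2 (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\system32\rrdsrego.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F9-96-64-48-ZN}] C:\windows\system32\rrdsrego.exe DRCA02
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinssaw.exe DRCA02
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinssaw.exe
O4 - Startup: Z_Start.lnk = C:\inst_drca02.exe
"""

# Excerpt of the log in post #4 (after the fix).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# The fix list as typed in post #3 (note the upper-cased value names).
FIX_LIST = r"""
O4 - HKLM\..\Run: [{F9-96-64-48-ZN}] C:\windows\system32\rrdsrego.exe DRCA02
O4 - HKLM\..\Run: [BROWSERUPDATESCHED] C:\WINDOWS\system32\rwinssaw.exe DRCA02
O4 - HKCU\..\Run: [SHELL] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinssaw.exe
O4 - Startup: Z_Start.lnk = C:\inst_drca02.exe
""".strip().splitlines()

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "changed"):
        print(label.upper())
        for item in result[label]:
            print("  ", item)
    print("fix items still present:", still_present(FIX_LIST, AFTER))
```

On these excerpts the five startup entries show up as removed, and the only changed entry is the `Default_Page_URL` value that now points at `c:\secure32.html`.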

  6. #6
    Cobie (Full Member)
    New update


    Logfile of HijackThis v1.99.1
    Scan saved at 6:14:47 PM, on 21/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Documents and Settings\Cobie\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.messenger.msn.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presar io&pf=laptop
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



    These are my results from Panda

    Incident Status Location

    Adware:adware/secure32 Not desinfected C:\WINDOWS\secure32.html (I removed this one)
    Adware:adware/popupsandbanners Not desinfected C:\WINDOWS\teller2.chk (I removed this one as well)
    Adware:adware/savenow Not desinfected Windows Registry (I did not know how to remove this one)
    Adware:Adware/Secure32 Not desinfected C:\RECYCLER\S-1-5-21-1981789588-337853590-1246302036-1006\Dc1.html (would not allow me to remove this one as it said it was in use by someone else)
    Adware:Adware/Secure32 Not desinfected C:\WINDOWS\secure32.html (this was the same as the first one and I had removed that one.)


    This will be continued on the next log as it said this post was too long and I had to shorten it.
    Thanks

  7. #7
    Cobie is offline Full Member
    this was my result from

    --------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:03:02 PM, 20/12/2005
    + Report-Checksum: 9459F1E2

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKU\S-1-5-21-1981789588-337853590-1246302036-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1981789588-337853590-1246302036-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-1981789588-337853590-1246302036-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKU\S-1-5-21-1981789588-337853590-1246302036-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.318:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.321:C:\Documents and Settings\Cobie\Application Data\Mozilla\Firefox\Profiles\om3pgpud.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@chumtv.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Cobie\Cookies\cobie@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Cobie\Local Settings\Temporary Internet Files\Content.IE5\ZTGWT7OR\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.a : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
    C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
    C:\WINDOWS\system32\dwdsregt.exe -> Spyware.ZenoSearch : Cleaned with backup
    C:\WINDOWS\system32\kholbdgl.exe -> Proxy.Wopla.m : Cleaned with backup
    C:\WINDOWS\system32\maelmhbm.dll -> Proxy.Wopla.m : Cleaned with backup
    C:\WINDOWS\system32\scmt16.exe -> Downloader.PassAlert.e : Cleaned with backup
    C:\WINDOWS\system32\service\explorer.exe -> Logger.Agent.ew : Cleaned with backup
    C:\WINDOWS\tool2.exe -> Hijacker.Spywad.n : Cleaned with backup

    ::Report End



    Now everything seems to be ok but I have only just finished all of these things. So only time will tell I guess.
    It took me a long time for the Trend Micro to run, I had to let it go overnight. I just got back from work and ran the others.
    Please let me know what else is there to do.
    Thanks

  8. #8
    VopThis is offline Senior Member (Canada)
    Adware:adware/savenow Not desinfected Windows Registry ( I did not know how to remove this one)
    Generally left-over clutter that is not normally a problem. Not easily removed without messing with the registry. Better to leave it alone on an exception basis.


    Adware:Adware/Secure32 Not desinfected C:\RECYCLER\S-1-5-21-1981789588-337853590-1246302036-1006\Dc1.html ( would not allow me to remove this one as it said it was in use by someone else)
    RECYCLER is a reference to your 'Recycle Bin'.


    Now everything seems to be ok
    Let us know if you have any further issues.
