Please help with HijackThis log

thomas2006

How are you doing? I am having trouble with pop-up ads when I use the browser Mozilla Firefox. The only time the pop-ups occur is when the browser is open. The odd thing is that they are opened using Internet Explorer. Any help would be great..THANK YOU..Also I ran the ewido scan and clean up before I received my HijackThis log..Here it is..


Logfile of HijackThis v1.99.1
Scan saved at 5:40:43 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020706 serial=DR12WNP-9936859-UJJ lang=EN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://aimexpress.aim.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095128621234
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
Thank you...

Logfile of HijackThis v1.99.1
Scan saved at 5:20:15 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\COMMON~1\AOL\111939~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111939~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020706 serial=DR12WNP-9936859-UJJ lang=EN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [win-update] winupck.exe
O4 - HKLM\..\Run: [win update] wupda32.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119399487\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\vvmeg.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://aimexpress.aim.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095128621234
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
Hi and Welcome to TF

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and that it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan. Be sure to have the AutoFix box(es) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Download and install Cleanup but DO NOT run it yet!

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it's NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O4 - HKLM\..\Run: [win-update] winupck.exe
O4 - HKLM\..\Run: [win update] wupda32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\vvmeg.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O15 - Trusted Zone: http://aimexpress.aim.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab


Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them...make sure you have search hidden files, folders, sub directories etc. enabled if it applies to your OS)

C:\WINDOWS\System32\vvmeg.exe
C:\WINDOWS\avserve2.exe
winupck.exe
wupda32.exe
<--locate and delete these 2

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Reboot back to normal mode....

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    [*] Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
    [*] Click on see report. Then click Save report

Please post that log in your next reply along with the Ewido log and a new hijackthis log.
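The "check and fix" list above singles out six entries from a log of roughly fifty. The script below is an added example written for this thread (it is not HijackThis code and not the helper's tooling) that applies the kind of triage heuristics a log reader uses to arrive at such a list: an O4 Run value that is a bare filename (located through PATH at logon), an executable sitting directly in C:\WINDOWS or C:\WINDOWS\System32 rather than in a vendor folder, any site added to the IE Trusted Zone, and an O16 ActiveX package fetched from a host the reviewer does not recognise. The allowlists (`KNOWN_BARE_IMAGES`, `TRUSTED_DPF_HOSTS`, `SYSTEM_ROOT_DIRS`) are assumptions made for the example; real triage relies on a vetted startup-entry database. The sample input is an excerpt of the second log posted in the thread, with the truncated windowsupdate O16 line left out because its host cannot be read.

```python
"""Triage of HijackThis v1.99 O4 / O15 / O16 lines.

Added example for this thread, not HijackThis code and not the helper's
tooling. The allowlists are illustrative assumptions; real triage uses a
vetted startup-entry database.
"""
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample: an excerpt of the second log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [win-update] winupck.exe
O4 - HKLM\..\Run: [win update] wupda32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\vvmeg.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O15 - Trusted Zone: http://aimexpress.aim.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (?P<url>\S+)')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)')
# First token that looks like an executable; stops at whitespace, a comma, or end of value.
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.IGNORECASE)

# Assumed allowlists: entries a reviewer would recognise on sight (example values only).
KNOWN_BARE_IMAGES = {"nwiz.exe", "bcmsmmsg.exe", "rundll32.exe"}
TRUSTED_DPF_HOSTS = ("microsoft.com", "facebook.com", "apple.com.edgesuite.net")
# Folders in which neither Windows nor ordinary vendors register Run entries.
SYSTEM_ROOT_DIRS = {r"c:\windows", r"c:\windows\system32"}


def image_path(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted path, or the first exe-like token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def triage_o4(cmd: str):
    """Reason to review an O4 entry, or None when it looks like an ordinary vendor entry."""
    image = image_path(cmd)
    # ntpath handles Windows separators on any host OS.
    if ntpath.basename(image).lower() in KNOWN_BARE_IMAGES:
        return None
    if "\\" not in image:
        return "bare filename, located through PATH at logon"
    folder = ntpath.dirname(image).lower()
    if folder in SYSTEM_ROOT_DIRS:
        return "unrecognised executable directly in " + folder
    return None


def triage_o16(url: str):
    """Reason to review an O16 (Download Program Files) entry, or None for a trusted host."""
    host = (urlparse(url).hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
        return None
    return "ActiveX package downloaded from unrecognised host " + host


def triage(log_text: str):
    """Return [(log line, reason)] for every line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reason = triage_o4(m["cmd"])
        elif O15_RE.match(line):
            reason = "site placed in the IE Trusted Zone; confirm it was added deliberately"
        else:
            m = O16_RE.match(line)
            reason = triage_o16(m["url"]) if m else None
        if reason:
            findings.append((line, reason))
    return findings


def flagged_lines(log_text: str):
    """Just the log lines from triage(), in log order."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the excerpt, the script reports exactly the six entries in the list above and leaves the bare but recognised `nwiz.exe`, `BCMSMMSG.exe` and `RUNDLL32.EXE` entries alone. The RUNDLL32 rule is deliberately shallow: a fuller version would also inspect the DLL that rundll32 loads, since that is where a hostile payload would sit.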
 
Thank You..

Logfile of HijackThis v1.99.1
Scan saved at 5:46:59 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\PROGRA~1\COMMON~1\AOL\111939~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111939~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020706 serial=DR12WNP-9936859-UJJ lang=EN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119399487\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095128621234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



Incident Status Location

Adware:adware/wupd Not disinfected C:\PROGRAM FILES\Admilli Service
Adware:adware/navhelper Not disinfected C:\PROGRAM FILES\NavExcel Search Toolbar
Adware:adware/winad Not disinfected C:\PROGRAM FILES\Winad Client
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinSoftware
Adware:adware/powerscan Not disinfected Windows Registry
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.adrevolver.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.ask.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.peel.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[]
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc20.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc22.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc24.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc28.bat
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc37.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc38.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc40.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc41.html
Adware:Adware/MediaTickets Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000762.bat
Adware:Adware/MediaTickets Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0004915.bat
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\SYSTEM32\xmltok.dll


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:59:24 PM, 1/30/2006
+ Report-Checksum: AD073B7D

+ Scan result:

:mozilla.19:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\System Volume Information\_restore{D0944C4A-CDF6-45AD-968C-1CEB673FF510}\RP444\A0044513.dll -> Adware.Winfixer : Cleaned with backup
C:\System Volume Information\_restore{D0944C4A-CDF6-45AD-968C-1CEB673FF510}\RP444\A0044514.dll -> Adware.NavExcel : Cleaned with backup


::Report End
 
Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Empty your recycle bin!

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\PROGRAM FILES\Admilli Service
C:\PROGRAM FILES\NavExcel Search Toolbar
C:\PROGRAM FILES\Winad Client
C:\PROGRAM FILES\COMMON FILES\WinSoftware
C:\WINDOWS\SYSTEM32\xmltok.dll


Once you reboot....run another Panda scan and post its log.
 
Once again thank you..
Incident Status Location

Adware:adware/navhelper Not disinfected C:\PROGRAM FILES\NavExcel Search Toolbar
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@centrport[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@zedo[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.zedo.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.valueclick.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.adrevolver.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.ask.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.peel.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[searchportal.information.com/]
Adware:Adware/SAHAgent Not disinfected C:\!KillBox\xmltok.dll
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@centrport[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@zedo[2].txt
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc20.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc22.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc24.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc28.bat
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc37.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc38.html
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc40.bat
Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc41.html
Adware:Adware/MediaTickets Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000762.bat
Adware:Adware/MediaTickets Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0004915.bat
 
C:\PROGRAM FILES\NavExcel Search Toolbar <--delete that folder.

Are you still getting popups?
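A small triage script for reports like the two posted in this thread (added here as an example; it is not part of the thread, ewido, Panda or HijackThis). It parses both line formats seen above, separates the tracking-cookie noise from actual adware components, and notes which of the remaining hits sit in a System Restore point, the Recycler or KillBox's own folder, since those are dormant copies that the usual "empty the recycle bin / clear restore points" steps take care of, while anything still in Program Files or the registry is what the helper is actually chasing. The sample lines are quoted from the reports above; the location labels (`live`, `registry`, `restore_point`, `recycler`, `killbox_quarantine`) are this example's own naming, not terms used by either scanner.

```python
"""Triage ewido / Panda scan report lines: cookies vs. adware, live vs. dormant copies."""
import re
from collections import Counter

# Sample input: lines quoted from the two reports posted in this thread.
EWIDO_LINES = [
    r":mozilla.49:C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup",
    r"C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup",
    r"C:\System Volume Information\_restore{D0944C4A-CDF6-45AD-968C-1CEB673FF510}\RP444\A0044513.dll -> Adware.Winfixer : Cleaned with backup",
]
PANDA_LINES = [
    "Incident Status Location",  # column header, must be skipped
    r"Adware:adware/navhelper Not disinfected C:\PROGRAM FILES\NavExcel Search Toolbar",
    r"Adware:adware/wupd Not disinfected Windows Registry",
    r"Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.COMPUTER\Cookies\owner@atdmt[2].txt",
    r"Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.COMPUTER\Application Data\Mozilla\Firefox\Profiles\03ibqrjk.Default User\cookies.txt[.zedo.com/]",
    r"Adware:Adware/SAHAgent Not disinfected C:\!KillBox\xmltok.dll",
    r"Adware:Adware/WUpd Not disinfected C:\RECYCLER\S-1-5-21-2189916241-1532840507-282723842-1007\Dc20.html",
    r"Adware:Adware/MediaTickets Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000762.bat",
]

# ewido:  [:mozilla.N:]<path> -> <Family.Name> : <status>
EWIDO_RE = re.compile(r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<status>.+)$")
# Panda:  <Category:name> <status> <location>   (name may contain spaces, e.g. "Cookie/Atlas DMT")
PANDA_RE = re.compile(r"^(?P<name>(?:Adware|Spyware):.+?) (?P<status>Not disinfected|Disinfected) (?P<path>.+)$")


def parse_line(line):
    """Return a finding dict (source, name, status, path) or None for headers and blank lines."""
    line = line.strip()
    m = EWIDO_RE.match(line)
    if m:
        return {"source": "ewido", **m.groupdict()}
    m = PANDA_RE.match(line)
    if m:
        return {"source": "panda", **m.groupdict()}
    return None


def is_tracking_cookie(name):
    """Both scanners label cookies 'Spyware.Cookie.X' / 'Spyware:Cookie/X'."""
    return "cookie" in name.lower()


def classify_location(path):
    """Dormant copies (restore points, Recycler, KillBox folder) vs. things still in place."""
    p = path.lower()
    if p == "windows registry":
        return "registry"
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # old copy kept by System Restore
    if p.startswith("c:\\recycler\\"):
        return "recycler"           # already deleted, waiting in the Recycle Bin
    if "\\!killbox\\" in p:
        return "killbox_quarantine" # moved aside by KillBox, no longer loaded
    return "live"


def triage(lines):
    """Parse all lines and summarise: cookie count, dormant-location counts, live adware hits."""
    findings = [f for f in map(parse_line, lines) if f]
    summary = {"cookies": 0, "not_disinfected": 0, "by_location": Counter(), "adware_live": []}
    for f in findings:
        if f["status"].startswith("Not disinfected"):
            summary["not_disinfected"] += 1
        if is_tracking_cookie(f["name"]):
            summary["cookies"] += 1
            continue
        loc = classify_location(f["path"])
        summary["by_location"][loc] += 1
        if loc in ("live", "registry"):
            summary["adware_live"].append((f["name"], f["path"]))
    return findings, summary


if __name__ == "__main__":
    _, s = triage(EWIDO_LINES + PANDA_LINES)
    print(f"tracking cookies (low risk): {s['cookies']}")
    print(f"adware by location: {dict(s['by_location'])}")
    for name, path in s["adware_live"]:
        print(f"still in place -> {name}: {path}")
```

Run against the two reports above, the script reduces roughly sixty report lines to the two items that matter (the NavExcel folder and the WUpd registry entry), which matches where the helper's attention went.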
 