Computing.Net > Forums > Security and Virus > h91746 help me jabuck

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

h91746 help me jabuck

Reply to Message Icon
Original Message
Name: spooklax
Date: April 10, 2006 at 11:50:28 Pacific
Subject: h91746 help me jabuck
OS: windows xp professional
CPU/Ram: pentium 4 2.6GHz/ 1G ram
Comment:

i have been waiting on my other post http://www.computing.net/security/wwwboard/forum/18046.html
and it hasnt been successful, can u help me?
u can read my other post or we start off fresh

and also can sumone tell me, if i reformat my comp will i have to pay the activation fee they have for 64 edition?



Report Offensive Message For Removal


Response Number 1
Name: murr
Date: April 10, 2006 at 19:55:56 Pacific
Reply: (edit)

O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll

Plugged your log into the link provided to you earlier and 5 questionables came up with these 3 that i haven't been able to verify as legit.The middle one is definitely a nasty.Do you recognize the other 2.If not, follow the hijack instructions from the other thread and remove these.Some hits on the middle one refered to it as Spyfalcon and might require additional program for that.Try this first but wait for someone like jaybuck to give you further instructions.


Report Offensive Follow Up For Removal

Response Number 2
Name: jabuck
Date: April 11, 2006 at 04:01:27 Pacific
Reply: (edit)

It will be later the afternoon before I can work on this but please go ahead and prepare.

Download Ewido Security Suite then set it up this way Ewido Setup Instructions We will run this in safe mode later

Please download ATF-Cleaner from this link
http://www.atribune.org/content/view/19/2/ We will run this from safe mode later

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Navigate to C:\Program Files\Common Files\??stem32\?ti2evxx.exe and loacte thei file and try to distinguish it's actual name. The ? marks can be any character but the other characters will remaun the same. In many cases ??stem32 = system32 . Do not delete this file yet just find it.



Report Offensive Follow Up For Removal

Response Number 3
Name: jabuck
Date: April 11, 2006 at 15:01:30 Pacific
Reply: (edit)

please post your HT log and the file name you hopefully uncovered in C:\Program Files\Common Files.


Report Offensive Follow Up For Removal

Response Number 4
Name: murr
Date: April 11, 2006 at 15:40:42 Pacific
Reply: (edit)

jabuck

While were waiting for spooklax's log, could you comment on the items i listed especially #1 & #3 as i could find no info on them at all.


Report Offensive Follow Up For Removal

Response Number 5
Name: spooklax
Date: April 12, 2006 at 14:05:36 Pacific
Reply: (edit)

i found the file and its called... C:\Program Files\Common Files\ѕуstem32\ati2evxx.exe

and heres my log
Logfile of HijackThis v1.99.1
Scan saved at 2:04:59 PM, on 4/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win1483.tmp.exe
C:\WINDOWS\TEMP\dbheljmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll



Report Offensive Follow Up For Removal


Response Number 6
Name: jabuck
Date: April 12, 2006 at 19:24:53 Pacific
Reply: (edit)

Download killbox from this link Killbox We will need it in safe mode later

Reboot into safe mode by following the directions at this link How To Reboot Into Safe Mode

Run HT from safe mode, close all windows except HT, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071

O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll

Start Killbox place a tick next to [x]Delete on reboot Press the ALL Files button.
Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Common Files\ѕуstem32\ati2evxx.exe

C:\WINDOWS\TEMP\win1483.tmp.exe

C:\WINDOWS\TEMP\dbheljmd.exe

C:\WINDOWS\java\Packages\binkey.exe

C:\WINDOWS\SYSTEM32\winwam32.dll

Next click on the button that has the red circle with the white X in the middle.
It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run Ewideo from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log and a new HT log.

If you have items unchecked in msconfig causing the very small amount of 04's to be visable in HT then they need to be unchecked before you post the new HT log or we may miss a baddie.


Report Offensive Follow Up For Removal

Response Number 7
Name: spooklax
Date: April 13, 2006 at 00:15:05 Pacific
Reply: (edit)

here is my ewido log


ewido anti-malware - Scan report


+ Created on: 12:08:13 AM, 4/13/2006
+ Report-Checksum: D9FA1FE6

+ Scan result:

HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Cleaned with backup
:mozilla.7:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.8:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.9:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.10:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.12:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.31:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.32:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.33:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.63:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.69:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.89:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.90:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.91:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.92:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.93:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.96:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.100:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.112:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.113:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.115:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.116:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.139:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.145:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.146:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.147:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.175:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.191:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.192:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.193:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.194:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.195:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.196:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.197:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.199:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.200:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.206:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.217:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.218:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.219:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.220:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.221:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.222:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.224:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.225:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.241:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.242:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.243:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.244:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.246:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.252:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.261:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.262:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.263:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.264:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.268:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.277:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.278:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.279:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.290:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.291:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.293:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.319:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.320:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.322:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.323:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\My Documents\My Completed Downloads\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup


::Report End

im not sure of what to check and uncheck in msconfig but in services and startup i have everything unchecked except for the microsoft programs.. but here is my HT log

Logfile of HijackThis v1.99.1
Scan saved at 12:14:44 AM, on 4/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O20 - Winlogon Notify: winwam32 - winwam32.dll (file missing)



Report Offensive Follow Up For Removal

Response Number 8
Name: jabuck
Date: April 13, 2006 at 04:00:06 Pacific
Reply: (edit)

Looks much better.

Run HT again and remove this item:

O20 - Winlogon Notify: winwam32 - winwam32.dll (file missing)

For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Rehide your hidden files.

Set up msconfig anyway you like.

Your should be clean, but run this online scan and post the results, because we didn't do it and it is a best pratice.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.


Report Offensive Follow Up For Removal

Response Number 9
Name: spooklax
Date: April 13, 2006 at 23:21:12 Pacific
Reply: (edit)

here is the report

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 13, 2006 11:20:24 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/04/2006
Kaspersky Anti-Virus database records: 188073
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79543
Number of viruses found: 10
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 00:52:02

Infected Object Name / Virus Name / Last Action
C:\!KillBox\svchost.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003283.dll Infected: Trojan-Downloader.Win32.Small.cml skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003302.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003303.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe/stream Infected: not-a-virus:AdWare.Win32.InstaFinder.a skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\ld80C8.tmp Infected: Trojan-Downloader.Win32.Zlob.ka skipped

Scan process completed.


Report Offensive Follow Up For Removal

Response Number 10
Name: jabuck
Date: April 14, 2006 at 03:56:59 Pacific
Reply: (edit)

Run killbox again and delete these files:

C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll

C:\WINDOWS\browserxtras\pn\remove.exe

C:\WINDOWS\SYSTEM32\dfrgsrv.exe

C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe

C:\WINDOWS\SYSTEM32\ld80C8.tmp

Clean out system restore and create a new restore point. For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Run Ewido from safe mode one more and post the report along witha new HT log.


Report Offensive Follow Up For Removal

Response Number 11
Name: spooklax
Date: April 14, 2006 at 16:07:59 Pacific
Reply: (edit)

here is my ewido report


ewido anti-malware - Scan report


+ Created on: 3:11:17 PM, 4/14/2006
+ Report-Checksum: 4BC9ABE6

+ Scan result:

:mozilla.22:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.42:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.47:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.48:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.50:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.52:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.56:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.57:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.59:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup


::Report End

and here is my HT log

Logfile of HijackThis v1.99.1
Scan saved at 3:11:49 PM, on 4/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab



Report Offensive Follow Up For Removal






Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home





Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

The Lounge

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos
General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Site Search

Message Find

Data Recovery

About


Do you have your own blog?

Yes
No
I did before
I will soon


View Results

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History


Video card and montior DDC informat

Netowrk Connection with LInksys

two trojan viruses

ME product key. Generic?

rsync problem

All Awaiting Reply


Data Recovery Software