
h91746 help me jabuck


Name: spooklax
Date: April 10, 2006 at 11:50:28 Pacific
OS: windows xp professional
CPU/Ram: pentium 4 2.6GHz/ 1G ram
Comment:

I have been waiting on my other post http://www.computing.net/security/wwwboard/forum/18046.html
and it hasn't been successful. Can you help me?
You can read my other post or we can start off fresh.

And also, can someone tell me: if I reformat my computer, will I have to pay the activation fee they have for the 64 edition?





Response Number 1
Name: murr
Date: April 10, 2006 at 19:55:56 Pacific
Reply:

O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll

Plugged your log into the link provided to you earlier and 5 questionables came up, with these 3 that I haven't been able to verify as legit. The middle one is definitely a nasty. Do you recognize the other 2? If not, follow the hijack instructions from the other thread and remove these. Some hits on the middle one referred to it as Spyfalcon and might require an additional program for that. Try this first, but wait for someone like jabuck to give you further instructions.


Response Number 2
Name: jabuck
Date: April 11, 2006 at 04:01:27 Pacific
Reply:

It will be later this afternoon before I can work on this, but please go ahead and prepare.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will run this in safe mode later.

Please download ATF-Cleaner from this link:
http://www.atribune.org/content/view/19/2/ We will run this from safe mode later.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Navigate to C:\Program Files\Common Files\??stem32\?ti2evxx.exe and locate the file and try to distinguish its actual name. The ? marks can be any character but the other characters will remain the same. In many cases ??stem32 = system32. Do not delete this file yet, just find it.


Response Number 3
Name: jabuck
Date: April 11, 2006 at 15:01:30 Pacific
Reply:

Please post your HT log and the file name you hopefully uncovered in C:\Program Files\Common Files.


Response Number 4
Name: murr
Date: April 11, 2006 at 15:40:42 Pacific
Reply:

jabuck

While we're waiting for spooklax's log, could you comment on the items I listed, especially #1 & #3, as I could find no info on them at all.


Response Number 5
Name: spooklax
Date: April 12, 2006 at 14:05:36 Pacific
Reply:

I found the file and it's called... C:\Program Files\Common Files\ѕуstem32\ati2evxx.exe

And here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 2:04:59 PM, on 4/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win1483.tmp.exe
C:\WINDOWS\TEMP\dbheljmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll



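The directory in the path spooklax posted above is spelled with Cyrillic look-alike letters in place of "sy", which is why jabuck's earlier instructions wrote it as ??stem32. The following Python is an added example, not part of the original thread: it flags path components that mix scripts or imitate a well-known directory name. The look-alike table and the list of known names are illustrative assumptions, not a complete confusables set.

```python
import unicodedata

# Illustrative subset of letters that render like ASCII letters (assumption:
# a real audit would use the full Unicode confusables data).
CONFUSABLES = {
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Names worth imitating on a Windows box (hypothetical watch list).
KNOWN_NAMES = ("system32", "windows", "program files", "common files")


def script_of(ch):
    """Coarse script label taken from the first word of the Unicode name."""
    if not ch.isalpha():
        return None  # digits, dots, spaces carry no script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(text):
    """Replace known look-alikes with the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in text).lower()


def audit_path(path, known_names=KNOWN_NAMES):
    """Return one finding per path component that mixes scripts or whose
    skeleton equals a well-known name while the raw spelling does not."""
    findings = []
    for component in path.replace("/", "\\").split("\\"):
        non_ascii = [c for c in component if not c.isascii()]
        if not non_ascii:
            continue
        scripts = sorted({s for s in map(script_of, component) if s})
        skel = skeleton(component)
        imitates = skel if (skel != component.lower() and skel in known_names) else None
        if len(scripts) > 1 or imitates:
            findings.append({
                "component": component,
                "scripts": scripts,
                "mixed_script": len(scripts) > 1,
                "imitates": imitates,
                "codepoints": ["U+%04X %s" % (ord(c), unicodedata.name(c, "?"))
                               for c in non_ascii],
            })
    return findings


# The path from the thread, written with escapes so the two non-ASCII
# letters are visible in source form.
THREAD_PATH = "C:\\Program Files\\Common Files\\\u0455\u0443stem32\\ati2evxx.exe"

if __name__ == "__main__":
    for f in audit_path(THREAD_PATH):
        print(f["component"], "->", f["imitates"], f["scripts"])
        for cp in f["codepoints"]:
            print("   ", cp)
```

A directory written entirely in one non-Latin script is not reported; only mixed-script names or names that collapse to a watched name are.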



Response Number 6
Name: jabuck
Date: April 12, 2006 at 19:24:53 Pacific
Reply:

Download Killbox from this link: Killbox. We will need it in safe mode later.

Reboot into safe mode by following the directions at this link: How To Reboot Into Safe Mode

Run HT from safe mode, close all windows except HT, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=5071

O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll

Start Killbox, place a tick next to [x]Delete on reboot, and press the ALL Files button.
Copy the following list of files to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Common Files\ѕуstem32\ati2evxx.exe

C:\WINDOWS\TEMP\win1483.tmp.exe

C:\WINDOWS\TEMP\dbheljmd.exe

C:\WINDOWS\java\Packages\binkey.exe

C:\WINDOWS\SYSTEM32\winwam32.dll

Next, click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log and a new HT log.

If you have items unchecked in msconfig causing the very small amount of O4's to be visible in HT then they need to be unchecked before you post the new HT log or we may miss a baddie.


Response Number 7
Name: spooklax
Date: April 13, 2006 at 00:15:05 Pacific
Reply:

Here is my ewido log:


ewido anti-malware - Scan report


+ Created on: 12:08:13 AM, 4/13/2006
+ Report-Checksum: D9FA1FE6

+ Scan result:

HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\0HIOVW00\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GXYP0NCH\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[2].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[3].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\UD89SH01\rdgUS2404[4].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\daniel\My Documents\My Completed Downloads\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS2404.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup


::Report End

I'm not sure of what to check and uncheck in msconfig, but in services and startup I have everything unchecked except for the Microsoft programs.. but here is my HT log

Logfile of HijackThis v1.99.1
Scan saved at 12:14:44 AM, on 4/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O20 - Winlogon Notify: winwam32 - winwam32.dll (file missing)



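Two HijackThis logs from the same machine now appear in the thread, one taken before and one after the cleanup. As an added example (not part of the original thread), this Python compares such a pair: it lists processes that were running from a TEMP directory, the registry-style entries that disappeared, and any entry left pointing at a missing file. The two samples are short excerpts of the logs posted above; the TEMP-path rule and the exclusion of HijackThis.exe itself are assumptions of this sketch.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)


def parse_hjt(log_text):
    """Split a HijackThis log into running processes and (section, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def temp_processes(processes):
    """Processes whose image lives under a TEMP directory.
    HijackThis itself is skipped: in these logs it was launched from a
    WinRAR extraction folder under Temp, which is expected."""
    hits = []
    for p in processes:
        base = p.rsplit("\\", 1)[-1].lower()
        if TEMP_DIR.search(p) and base != "hijackthis.exe":
            hits.append(p)
    return hits


def compare(before, after):
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    return {
        "temp_processes_before": temp_processes(procs_b),
        "temp_processes_after": temp_processes(procs_a),
        "removed": [e for e in entries_b if e not in entries_a],
        "added": [e for e in entries_a if e not in entries_b],
        # Entries whose target file is gone but whose registry value remains.
        "orphaned": [e for e in entries_a if e[1].endswith("(file missing)")],
    }


# Excerpts of the two logs posted in this thread (shortened).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\TEMP\win1483.tmp.exe
C:\WINDOWS\TEMP\dbheljmd.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

O4 - HKLM\..\Run: [*binkey] C:\WINDOWS\java\Packages\binkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: winwam32 - C:\WINDOWS\SYSTEM32\winwam32.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

O20 - Winlogon Notify: winwam32 - winwam32.dll (file missing)
"""

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key)
        for item in value:
            print("   ", item)
```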

Response Number 8
Name: jabuck
Date: April 13, 2006 at 04:00:06 Pacific
Reply:

Looks much better.

Run HT again and remove this item:

O20 - Winlogon Notify: winwam32 - winwam32.dll (file missing)

For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Rehide your hidden files.

Set up msconfig any way you like.

You should be clean, but run this online scan and post the results, because we didn't do it and it is a best practice.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.



Response Number 9
Name: spooklax
Date: April 13, 2006 at 23:21:12 Pacific
Reply:

here is the report

---------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 13, 2006 11:20:24 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/04/2006
Kaspersky Anti-Virus database records: 188073
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79543
Number of viruses found: 10
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 00:52:02

Infected Object Name / Virus Name / Last Action
C:\!KillBox\svchost.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003283.dll Infected: Trojan-Downloader.Win32.Small.cml skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003302.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003303.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe/stream Infected: not-a-virus:AdWare.Win32.InstaFinder.a skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\ld80C8.tmp Infected: Trojan-Downloader.Win32.Zlob.ka skipped

Scan process completed.


0

Response Number 10
Name: jabuck
Date: April 14, 2006 at 03:56:59 Pacific
Reply:

Run killbox again and delete these files:

C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll

C:\WINDOWS\browserxtras\pn\remove.exe

C:\WINDOWS\SYSTEM32\dfrgsrv.exe

C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe

C:\WINDOWS\SYSTEM32\ld80C8.tmp

Clean out system restore and create a new restore point. For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Run Ewido from safe mode one more time and post the report along with a new HT log.


0
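The delete list in Response 10 follows from the Kaspersky report in Response 9 once archive streams are collapsed to their container file and the System Restore and KillBox copies are set aside. The sketch below is an added example, not part of the thread; the function name `triage`, the bucket names, and the reading of `C:\!KillBox` as KillBox's own backup folder are assumptions.

```python
import re

# Object lines copied from the Kaspersky report in Response 9.
REPORT = r"""
C:\!KillBox\svchost.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003283.dll Infected: Trojan-Downloader.Win32.Small.cml skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003302.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped
C:\System Volume Information\_restore{43B68903-DD49-4B8E-8541-65A95F72E5D9}\RP6\A0003303.exe Infected: Trojan-Downloader.Win32.PurityScan.bt skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.jx skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe/stream Infected: not-a-virus:AdWare.Win32.InstaFinder.a skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\ld80C8.tmp Infected: Trojan-Downloader.Win32.Zlob.ka skipped
"""

LINE = re.compile(
    r"^(?P<obj>.+?) (?:Infected: \S+|NSIS: infected - \d+) \w+$")

def triage(report):
    """Group detections by the follow-up each one needs."""
    plan = {"delete": [], "purge_restore": [], "killbox_backup": []}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or header, not a detection
        # Text after "/" names a stream inside an archive or installer;
        # the file on disk is the part before it.
        path = m["obj"].split("/", 1)[0]
        low = path.lower()
        if "\\system volume information\\_restore" in low:
            bucket = "purge_restore"   # copy held in a restore point
        elif low.startswith("c:\\!killbox\\"):
            bucket = "killbox_backup"  # assumption: KillBox's backup folder
        else:
            bucket = "delete"
        if path not in plan[bucket]:
            plan[bucket].append(path)
    return plan

if __name__ == "__main__":
    for bucket, paths in triage(REPORT).items():
        print(bucket, *paths, sep="\n  ")
```

The `delete` bucket reproduces the five paths listed in Response 10, and the `purge_restore` bucket holds the three restore-point copies that the System Restore purge in the same reply takes care of.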

Response Number 11
Name: spooklax
Date: April 14, 2006 at 16:07:59 Pacific
Reply:

here is my ewido report


ewido anti-malware - Scan report


+ Created on: 3:11:17 PM, 4/14/2006
+ Report-Checksum: 4BC9ABE6

+ Scan result:

:mozilla.22:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.40:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.42:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.47:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.48:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.50:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.51:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.52:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.56:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.57:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.59:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.60:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\daniel\Application Data\Mozilla\Firefox\Profiles\oijnupkm.Default Userxb\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\daniel\Cookies\daniel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup


::Report End

and here is my HT log

Logfile of HijackThis v1.99.1
Scan saved at 3:11:49 PM, on 4/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\daniel\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab



0
