Please help clean up spies
I'm having some problems with spyware on my computer. Here is my log from HijackThis. Hope someone can help.
Logfile of HijackThis v1.99.1
Scan saved at 1:09:15 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\JFaxMailNTHelper.exe
C:\WINDOWS\system32\d3xj.exe
C:\WINDOWS\system32\addgw.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\DllHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Documents and Settings\Peter\Desktop\Spy-Help\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C396D0E0-9E0A-542C-DF8F-ADEA8A5525B8} - C:\WINDOWS\apphz32.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [JFaxMailNTHelper] C:\WINDOWS\JFaxMailNTHelper.exe
O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
O4 - HKLM\..\Run: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/197ad2d8/enter.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127174194671
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3xj.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
This discussion has been closed.
Comments
First of all I need you to download some programs for use later.
Download this file and unzip it to your desktop
Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet
Download CWShredder from here, install it, check for updates but again, don't use it yet.
Download and install Ewido Security Suite Trial from here. Run and update the program but do not scan with it yet.
Ensure hidden files and folders are set to show:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Next, go to Start->Run and type "Services.msc" (without quotes), then hit Ok. Scroll down and find the service called Network Security Service ( 11Fßä#·ºÄÖ`I). When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
Please disconnect from the Internet and unplug your modem for the duration of this fix. You may want to print the rest of these instructions.
Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE.
While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.
Then open CWShredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.
Bring up Task Manager (Ctrl-Alt-Del) and end these processes if they are present:
C:\WINDOWS\system32\d3xj.exe
C:\WINDOWS\system32\addgw.exe
Now find and delete these files. If you can't find one then don't worry, just move on to the next one.
C:\WINDOWS\apphz32.dll
C:\WINDOWS\netmb.exe
C:\WINDOWS\system32\addgw.exe
C:\WINDOWS\system32\cglyk.dll
C:\WINDOWS\system32\d3xj.exe
Now run HijackThis and click the scan button. When it has finished scanning, put a check against the following and click 'fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cglyk.dll/sp.html#10001%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C396D0E0-9E0A-542C-DF8F-ADEA8A5525B8} - C:\WINDOWS\apphz32.dll
O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
O4 - HKLM\..\Run: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/197ad2d8/enter.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seek...bridge-c24.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3xj.exe" /s (file missing)
The following step is important as you may have several malware files in your temp directories.
Browse to the C:\documents and settings\Your User Name (repeat for all other user names in documents and settings)\local settings\temp folder and delete all files and folders in it.
Then browse to the C:\Windows\Temp folder and delete all files and folders in it.
Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files; make sure you get all offline content as well.
Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.
Run Ewido and do a full System Scan with it. Let it clean anything it finds. Save the report it creates.
Now reboot, run HijackThis again and post a fresh log along with the AboutBuster log and the Ewido log.
Thanks.
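One way to check the last step of the reply above, that the entries put under 'fix checked' are gone from a fresh log and to see what is new in it, as an added example that is not part of the original thread. The function names are hypothetical; the log lines are excerpts from this thread, except `AFTER_PARTIAL`, which is constructed to show an entry that survived the fix.

```python
import re

# A HijackThis entry line is "<section code> - <details>" (R0-R3, F0-F3, N1-N4, O1-O23).
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - \S.*$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, in order, whitespace-trimmed."""
    return [ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())]


def _key(entry):
    # Windows paths and registry names are case-insensitive; forums also mangle spacing.
    return " ".join(entry.split()).casefold()


def same_entry(flagged, seen):
    """Compare two entries; a "..." in the flagged one (forum URL shortening) is a wildcard."""
    f, s = _key(flagged), _key(seen)
    if "..." not in f:
        return f == s
    head, tail = f.split("...", 1)
    return len(s) >= len(head) + len(tail) and s.startswith(head) and s.endswith(tail)


def still_present(flagged_text, log_text):
    """Flagged entries that can still be found in the given log."""
    seen = parse_entries(log_text)
    return [f for f in parse_entries(flagged_text) if any(same_entry(f, s) for s in seen)]


def added_since(before_text, after_text):
    """Entries in the later log that were not in the earlier one (worth a second look)."""
    before = {_key(e) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if _key(e) not in before]


# Excerpt of the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\addgw.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
O2 - BHO: Class - {C396D0E0-9E0A-542C-DF8F-ADEA8A5525B8} - C:\WINDOWS\apphz32.dll
O4 - HKLM\..\Run: [JFaxMailNTHelper] C:\WINDOWS\JFaxMailNTHelper.exe
O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
O4 - HKLM\..\Run: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab
"""

# Excerpt of the 'fix checked' list; the last URL is shortened with "..." as posted.
FLAGGED = r"""
O2 - BHO: Class - {C396D0E0-9E0A-542C-DF8F-ADEA8A5525B8} - C:\WINDOWS\apphz32.dll
O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
O4 - HKLM\..\Run: [addgw.exe] C:\WINDOWS\system32\addgw.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seek...bridge-c24.cab
"""

# Excerpt of the fresh log posted after the fix.
AFTER_CLEAN = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
O4 - HKLM\..\Run: [JFaxMailNTHelper] C:\WINDOWS\JFaxMailNTHelper.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Constructed variant: the same log with one flagged Run entry still in place.
AFTER_PARTIAL = AFTER_CLEAN + r"""O4 - HKLM\..\Run: [netmb.exe] C:\WINDOWS\netmb.exe
"""

if __name__ == "__main__":
    for name, log in (("fresh log", AFTER_CLEAN), ("constructed partial log", AFTER_PARTIAL)):
        left = still_present(FLAGGED, log)
        print(f"{name}: {len(left)} flagged entries remain")
        for entry in left:
            print("  REMAINS:", entry)
    for entry in added_since(BEFORE, AFTER_CLEAN):
        print("NEW:", entry)
```
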
Logfile of HijackThis v1.99.1
Scan saved at 2:23:26 AM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\JFaxMailNTHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Peter\Desktop\Spy-Help\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [JFaxMailNTHelper] C:\WINDOWS\JFaxMailNTHelper.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127174194671
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
_______________________________________________________________
ewido anti-malware - Scan report
+ Created on: 2:19:46 AM, 1/8/2006
+ Report-Checksum: 28380F76
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{33EBB320-A2D5-6FD7-6D31-BA458C872ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77E35B59-5DBF-CA0F-2037-00B52E21E874} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C149FC6-86A5-C649-4760-9E20AC138BED} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1935655697-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B3FEA706-1476-462B-9B5A-B1A4772CC8DF} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1935655697-1303643608-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3FEA706-1476-462B-9B5A-B1A4772CC8DF} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Peter\Desktop\Spy-Help\backups\backup-20050414-130936-321.dll -> Dropper.Small.tn : Cleaned with backup
C:\Documents and Settings\Peter\Desktop\Spy-Help\backups\backup-20060107-183207-921.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1949.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1951.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1952.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1953.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1957.tmp -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1958.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1960.tmp -> Not-A-Virus.Hoax.Win32.SpyWare.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1961.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1962.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1965.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1967.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1968.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1969.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1970.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1971.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc2.dll -> Downloader.Agent.bc : Cleaned with backup
::Report End
Now that your PC is clean you need to follow these easy steps to keep it this way:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or you can get Opera, which in my opinion is better still.
Use a firewall to help prevent your PC's control being usurped by undesirables.
Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster 3.4.
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.
Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
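An added example, not part of the posts above: a small Python triage of the scan report earlier in this thread, which separates the tracking-cookie hits from the file detections and shows where each detected file was sitting. The line format is inferred from the report lines themselves, and the location labels and function names are this example's own.

```python
import re
from collections import Counter

# A small subset of lines copied from the scan report in this thread.
SAMPLE_REPORT = r"""
:mozilla.44:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\34ixlnn7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Peter\Cookies\peter@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Peter\Desktop\Spy-Help\backups\backup-20050414-130936-321.dll -> Dropper.Small.tn : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc1949.tmp -> Trojan.Small.ga : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1303643608-682003330-1004\Dc2.dll -> Downloader.Agent.bc : Cleaned with backup
::Report End
"""

# "[:store.index:]path -> detection : action" (format inferred from the report)
LINE_RE = re.compile(
    r"^(?::(?P<store>[a-z]+)\.(?P<index>\d+):)?"
    r"(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)
COOKIE_PREFIX = "Spyware.Cookie."

def parse_report(text):
    """Return one dict per detection line; markers such as '::Report End' are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):
            continue
        match = LINE_RE.match(line)
        if match:
            findings.append(match.groupdict())
    return findings

def location_hint(path):
    """Rough label (this example's own wording) for where a detected file sat."""
    upper = path.upper()
    if "\\RECYCLER\\" in upper:
        return "recycle bin"
    if "\\BACKUPS\\" in upper:
        return "tool backup folder"
    return "live file system"

def triage(findings):
    """Split findings into cookie counts per tracker and a list of file detections."""
    cookies, files = Counter(), []
    for item in findings:
        detection = item["detection"]
        if detection.startswith(COOKIE_PREFIX):
            cookies[detection[len(COOKIE_PREFIX):]] += 1
        else:
            files.append((detection, location_hint(item["path"]), item["path"]))
    return cookies, files

def not_cleaned(findings):
    """Detections whose recorded action is anything other than 'Cleaned ...'."""
    return [f for f in findings if not f["action"].lower().startswith("cleaned")]

if __name__ == "__main__":
    cookies, files = triage(parse_report(SAMPLE_REPORT))
    print("cookie hits per tracker:", dict(cookies))
    for detection, where, path in files:
        print(f"{detection:25} {where:20} {path}")
```

Run over the full report, this reduces the long cookie run to a per-tracker count. The entries that deserve a second look are the file detections and anything `not_cleaned` returns.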