BSOD Please help!!!

waltino81waltino81
edited December 2007 in Spyware & Virus Removal
Blue screen of death error C000021a. Happens all the time, I was told it is corrupted registry files, but not sure.

I can't install windows service pack 2, Says my computer is "to unstable".
Nor can i install windows updates.

Also browser hijacking (search-daily.com) Only when i search from google.

I have ran ad-aware and spybot and Panda active scan.

Hijack this log:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dlcxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Ryan\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {0119DCFD-9735-44AB-BA64-DACFB16E9E75} - c:\windows\system32\bmnabmn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09DD6B91-4E69-493A-8410-F3EA34DFB322} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {0D955C2E-269F-4C36-8BA8-2682E72B9B0A} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {11DB21A2-22E2-42E3-9E6A-80FC7A7B57A4} - C:\WINDOWS\System32\CREDU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {94C33BE4-8A7F-4418-95B8-B17265515CB7} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {97087632-45CE-470A-A78E-0847F5F73179} - c:\windows\system32\bmnabmn.dll
O2 - BHO: (no name) - {EF72F2F0-625E-411C-8C84-4EE5A0AAD93B} - c:\windows\system32\bmnabmn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188748624953
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ucclrezb - C:\WINDOWS\SYSTEM32\bmnabmn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dlcx_device - - C:\WINDOWS\System32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Comments

  • waltino81waltino81
    edited November 2007
    PANDA LOG

    Incident Status Location
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Colleen\Local Settings\Temp\Cookies\colleen@advertising[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colleen\Local Settings\Temp\Cookies\colleen@atwola[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colleen\Local Settings\Temp\Cookies\colleen@doubleclick[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@adrevolver[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@adrevolver[3].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@ads.addynamix[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@ads.pointroll[2].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@adtech[1].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@adultfriendfinder[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@atdmt[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@atdmt[3].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@atwola[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@atwola[3].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@azjmp[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@bs.serving-sys[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@burstnet[2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@did-it[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@fastclick[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@go[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@overture[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@perf.overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@perf.overture[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@perf.overture[3].txt
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@qksrv[2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[3].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@questionmarket[5].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@realmedia[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@realmedia[2].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@revenue[2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@searchportal.information[2].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@server.iad.liveperson[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[2].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@target[1].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@target[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@tribalfusion[2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@www.burstbeacon[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Debbie\Cookies\debbie@www.burstbeacon[2].txt
    Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Debbie\Local Settings\Temp\mrnrwtti.dll
    Adware:Adware/WebSearch Not disinfected C:\Documents and Settings\Debbie\Local Settings\Temp\sch16.dll
    Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Debbie\Local Settings\Temp\xrun.exe
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@ad.yieldmanager[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@adrevolver"]braz@adrevolver[/EMAIL][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@adrevolver"]braz@adrevolver[/EMAIL][2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@ads.addynamix[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@ads.pointroll[1].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@adserver.easyad[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@advertising"]braz@advertising[/EMAIL][1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@advertising"]braz@advertising[/EMAIL][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@atdmt"]braz@atdmt[/EMAIL][2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@bluestreak"]braz@bluestreak[/EMAIL][2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@casalemedia"]braz@casalemedia[/EMAIL][1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@counter12.sextracker[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@doubleclick"]braz@doubleclick[/EMAIL][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@doubleclick"]braz@doubleclick[/EMAIL][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@fastclick"]braz@fastclick[/EMAIL][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@fastclick"]braz@fastclick[/EMAIL][2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@mediaplex"]braz@mediaplex[/EMAIL][2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@questionmarket"]braz@questionmarket[/EMAIL][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@questionmarket"]braz@questionmarket[/EMAIL][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@realmedia"]braz@realmedia[/EMAIL][1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@server.iad.liveperson[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@serving-sys"]braz@serving-sys[/EMAIL][2].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@sextracker"]braz@sextracker[/EMAIL][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@statcounter"]braz@statcounter[/EMAIL][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@trafficmp"]braz@trafficmp[/EMAIL][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@tribalfusion"]braz@tribalfusion[/EMAIL][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny braz@www.burstbeacon[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Johnny Braz\Cookies\johnny [EMAIL="braz@zedo"]braz@zedo[/EMAIL][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rick\Cookies\rick@adrevolver[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rick\Cookies\rick@adrevolver[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rick\Cookies\rick@adrevolver[4].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ads.addynamix[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ads.pointroll[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Rick\Cookies\rick@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Rick\Cookies\rick@atdmt[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rick\Cookies\rick@atwola[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Rick\Cookies\rick@bs.serving-sys[1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ccbill[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rick\Cookies\rick@doubleclick[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rick\Cookies\rick@doubleclick[2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Rick\Cookies\rick@ehg-dig.hitbox[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Rick\Cookies\rick@fastclick[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Rick\Cookies\rick@go[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Rick\Cookies\rick@mediaplex[2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Rick\Cookies\rick@mediaplex[3].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Rick\Cookies\rick@questionmarket[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Rick\Cookies\rick@serving-sys[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Rick\Cookies\rick@sextracker[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rick\Cookies\rick@tribalfusion[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rick\Cookies\rick@tribalfusion[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Rick\Cookies\rick@zedo[2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@ads.addynamix[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@ads.pointroll[2].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@adserver.easyad[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@atdmt[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@atwola[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@bs.serving-sys[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@com[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@go[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@overture[2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@realmedia[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@realmedia[3].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@revenue[2].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@server.iad.liveperson[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@serving-sys[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ryan\Cookies\ryan@tribalfusion[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@ads.pointroll[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@atdmt[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@atwola[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@go[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@questionmarket[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@realmedia[1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@trafficmp[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ryan\Local Settings\Temp\Cookies\ryan@tribalfusion[1].txt
    Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
    Hacktool:Generic Application Not disinfected C:\RECYCLER\S-1-5-21-867288073-2236735993-1011620452-1014\Dc58.exe
    Adware:Adware/Coupons Not disinfected C:\WINDOWS\CouponBarIE.dll
    Adware:adware/dealhelper Not disinfected C:\WINDOWS\dhdom1.bin
    Virus:Trj/Agent.HDA Disinfected C:\WINDOWS\SYSTEM32\bmnabmn.dll.bak
    Spyware:Cookie/DomainSponsor Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@landing.domainsponsor[1].txt
    Virus:Generic Trojan Disinfected C:\WINDOWS\SYSTEM32\mzfytece.dll.bak
    Virus:Trj/Clicker.AFR Disinfected C:\WINDOWS\SYSTEM32\pvjcec.bak
    Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\Temp\mrnrwtti.dll
  • KatanaKatana
    edited December 2007
    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    I apologize for the delay in responding, but as you can probably see the forums are quite busy
    and sometimes a post manages to slip by us.
    Unfortunately there are far more people needing help than there are helpers.

    If you still require help please post a fresh Hijack This log to this thread.
    I will be notified and I will get back to you ASAP.

    Old version of HJT
    You are running an older version of Hijack This.

    Click here to download HJTinstall.exe
    Save HJTinstall.exe to your desktop.
    It is important that you uninstall any previous versions by using Add/Remove programs in your control panel
    before installing a newer version.
    • Double click on the HJTinstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\Hijack This.
    • Click I accept
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    VundoFix
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • TroganTrogan London, UK
    edited December 2007
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead (grin)
Sign In or Register to comment.