28 Posts

October 23rd, 2006 00:00

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 6:12:09 PM 10/22/2006
 + Scan result: 
 
HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\180solutions\msbb -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\biprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\W737E0DT\installdrivecleanerstart[1].exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\nem214.dll -> Downloader.Dyfuca.j : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2161.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-3157a8e7-44b6faf2.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\bridge.dll -> Logger.Briss.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll -> Logger.Briss.f : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tripodtodd@earthlink.net\Cookies\chauncy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@ads.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@ads.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@ads.bridgetrack[3].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@www.burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfkyejc5odq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfkyemczclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfkygld5afq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfkyojajaeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfl4wiajseo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wflichczabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfloaldpslp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wfmyqncpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wgk4shazalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wgkoahcpgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wgkywicpskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wgmygndjseo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6whk4unajmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjk4elc5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjk4siazalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkocjcjcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkoeodzaep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkokkc5mlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkowpdpifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkyemczehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkyghdjicq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjkyujczahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjl4gjdzoeq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjliqjcpsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@e-2dj6wjliuhd5maq.stats.esomniture[2].txt -> TrackingCookie.Esom

28 Posts

October 23rd, 2006 00:00

C:\Documents and Settings\chauncy\Cookies\chauncy@e-2dj6wjny-1kdjok.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@e-2dj6wjnyckc5eeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@e-2dj6wjnyoldpmhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@e-2dj6wjnyqkcjiaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@e-2dj6wjnywmdpgho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@ehg-harleydavidson.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@ehg-harleydavidson.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\chauncy\Application Data\Earthlink\6.0\tocline@earthlink.net\Cookies\chauncy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\chauncy\Cookies\chauncy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\chauncy\Local Settings\Application Data\030f0af6.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\0df32fa6.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\683ea766.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\ce21ca57.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\ce3c6de6.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\dd40d096.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\chauncy\Local Settings\Application Data\fa2826d.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000138.exe -> Trojan.LowZones.df : Cleaned with backup (quarantined).
C:\fdj.exe -> Trojan.LowZones.df : Cleaned with backup (quarantined).

::Report end
 

10.4K Posts

October 24th, 2006 01:00

TIOKA
 
Could you post a fresh HijackThis log?
 
Double-click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents as a reply to this thread.
 
bamajim   Graduate of Malware Removal University

28 Posts

October 24th, 2006 13:00

SORRY. Think I kinda butchered that last log post.
 
Logfile of HijackThis v1.99.1
Scan saved at 7:33:37 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\525a5853.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {6240F718-69A1-1CF1-F569-001B3CF9244D} - C:\WINDOWS\system32\xjfgkvf.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [525a5853.exe] C:\WINDOWS\system32\525a5853.exe
O4 - HKLM\..\Run: [hlrzaif.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hlrzaif.dll,awyskcd
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [525a5853.exe] C:\Documents and Settings\chauncy\Local Settings\Application Data\525a5853.exe
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08CE78A6-85A4-52A2-4EF4-6B990DC7DBBF} - http://85.255.115.229/1/gdnUS2161.exe
O16 - DPF: {4D8C0673-1A38-428D-77BB-0AA304E67910} - http://85.255.115.229/1/gdnUS2161.exe
O16 - DPF: {6E8739E8-4C71-2748-971A-795E0CDAC82C} - http://85.255.115.229/1/gdnUS2161.exe
O16 - DPF: {79CB4765-06B6-4E3E-6280-740E5E49DB3E} - http://85.255.115.229/1/gdnUS2161.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B866FAFD-3148-4397-A99C-BBA82BA9E037}: NameServer = 207.69.188.187 207.69.188.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

10.4K Posts

October 24th, 2006 15:00

TIOKA

First, please download the Killbox.
    1) Save it to the desktop and run it.
    2) Select "Delete on Reboot", and then select "All files".
    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

      C:\WINDOWS\system32\xjfgkvf.dll
      C:\WINDOWS\system32\525a5853.exe
      C:\WINDOWS\system32\hlrzaif.dll
      C:\Documents and Settings\chauncy\Local Settings\Application Data\525a5853.exe

    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Next, rerun HijackThis (scan only) and place checks beside the following entries:
  • O2 - BHO: (no name) - {6240F718-69A1-1CF1-F569-001B3CF9244D} - C:\WINDOWS\system32\xjfgkvf.dll
  • O4 - HKLM\..\Run: [525a5853.exe] C:\WINDOWS\system32\525a5853.exe
  • O4 - HKLM\..\Run: [hlrzaif.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hlrzaif.dll,awyskcd
  • O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
  • O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
  • O4 - HKCU\..\Run: [525a5853.exe] C:\Documents and Settings\chauncy\Local Settings\Application Data\525a5853.exe
  • O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
  • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • O16 - DPF: {08CE78A6-85A4-52A2-4EF4-6B990DC7DBBF} - http://85.255.115.229/1/gdnUS2161.exe
  • O16 - DPF: {4D8C0673-1A38-428D-77BB-0AA304E67910} - http://85.255.115.229/1/gdnUS2161.exe
  • O16 - DPF: {6E8739E8-4C71-2748-971A-795E0CDAC82C} - http://85.255.115.229/1/gdnUS2161.exe
  • O16 - DPF: {79CB4765-06B6-4E3E-6280-740E5E49DB3E} - http://85.255.115.229/1/gdnUS2161.exe

Close all other open windows except HijackThis and select "Fix checked".

Next, using Windows Explorer
  • (Right-click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents.)

Locate and delete the following folders:
  • C:\Program Files\Ultimate Cleaner
  • C:\Program Files\Ultimate Defender
  • C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23

Close Windows Explorer, reboot your PC, then rerun HijackThis and post a fresh HijackThis log.
 
bamajim   Graduate of Malware Removal University




28 Posts

October 24th, 2006 21:00

Think I got through last steps OK, however could not find the files in win/explorer to delete
 
Logfile of HijackThis v1.99.1
Scan saved at 3:03:18 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

10.4K Posts

October 24th, 2006 22:00

TIOKA

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

Next, rerun HijackThis (scan only) and place checks beside the following entries
  • O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
Close all other open windows except HijackThis and select "Fix checked"

Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
 
bamajim   Graduate of Malware Removal University


28 Posts

October 25th, 2006 01:00

I can already tell things are getting MUCH better here, here is the latest HJT scan
 
Logfile of HijackThis v1.99.1
Scan saved at 7:23:52 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

10.4K Posts

October 25th, 2006 01:00

TIOKA

Glad to hear it

Got one file giving me trouble here, I think you are having trouble finding it. Let's do it this way

We need to make sure we can see hidden files and folders
  • Click Start.
    Click My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Uncheck the Hide file extensions for known file types.
    Click OK.

Next Using Windows Explorer
  • (Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)

Then in the address bar copy and paste the following into the bar
  • C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5

Then Hit the Go Button

You should see the folder YBUREX23 in the window->>Rt click that folder->>Select Delete

Close Windows Explorer

Next, rerun HijackThis (scan only) and place checks beside the following entry
  • O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue

Close all other open windows except HijackThis and select "Fix checked"

Close Hijackthis->>Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
 
bamajim   Graduate of Malware Removal University
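
A way to check a fresh log for the entry targeted above, as an added example that is not part of the original posts: it parses HijackThis O4 lines, flags autoruns that launch from browser-cache or temp folders, and reports which flagged entries are still present in a later scan. The function names and the folder-marker list are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: four O4 lines copied from the HijackThis logs in this thread.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
'''
LOG_AFTER = LOG_BEFORE  # the rescans posted in the thread list the same O4 entries

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$', re.MULTILINE)

# Assumption of this example: autoruns launched from browser cache or temp
# directories deserve review. The marker list is illustrative, not exhaustive.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\content.ie5\\", "\\temp\\")


def parse_o4(log):
    """Return one dict per O4 autorun line found in a HijackThis log."""
    entries = []
    for m in O4_RE.finditer(log):
        hive, key, name, cmd = m.groups()
        cmd = cmd.strip()
        # Quoted commands keep spaces in the path; otherwise take the first token.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        entries.append({"hive": hive, "key": key, "name": name, "exe": exe})
    return entries


def flagged(log):
    """O4 entries whose executable path sits under a volatile directory."""
    return [e for e in parse_o4(log)
            if any(d in e["exe"].lower() for d in VOLATILE_DIRS)]


def persisting(before, after):
    """Value names of flagged autoruns that are still listed in the later scan."""
    later = {(e["hive"], e["name"]) for e in flagged(after)}
    return [e["name"] for e in flagged(before) if (e["hive"], e["name"]) in later]


if __name__ == "__main__":
    for name in persisting(LOG_BEFORE, LOG_AFTER):
        print("still registered after fix attempt:", name)
```
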
 


28 Posts

October 25th, 2006 02:00

I will try in the morning.......Have to go to work....cheers

28 Posts

October 25th, 2006 02:00

Don't seem to be able to get that 04 UD run/install file(?) out of there. Tried again with HJT and a reboot
but it's still there............THANK YOU again............Is that file my only remaining issue?......Chauncy

28 Posts

October 25th, 2006 14:00

Really having a tough time with this one, not sure where to find the address bar you refer to. Searched for the file
YBUREX23 and found it in C/windows/pchealth/help center/data coll/collect data/32563.xlm. The text is in
blue and to the left of the files it says in red. Won't let me copy or paste, but UD is in there several times
I can highlight it but it won't let me delete (I think there is some kind of shield near cursor when you highlight).
think I need to find the address bar you refer to......................Thanks

10.4K Posts

October 25th, 2006 15:00

TIOKA
 
The easiest way to find the address bar is do this
 
Click Start->>My Documents. Then just copy and paste the location into that top address bar then press go. See if you can find it that way. If not please reply
 
bamajim   Graduate of Malware Removal University

 

28 Posts

October 25th, 2006 22:00

Sorry I was way over thinking what you wanted me to do, copied and pasted, found folder and deleted, rebooted, here are the results. Appears it's still there, pesky little bugger ain't it!
 
Logfile of HijackThis v1.99.1
Scan saved at 4:32:33 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\chauncy\Local Settings\Temporary Internet Files\Content.IE5\YBUREX23\UDefender_Installer[1].exe" continue
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

28 Posts

October 25th, 2006 22:00

Retried previous instructions, folder YBUREX23 was (is) not deleted for whatever reason.