NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY
 
 
 
 
 
 
  
Register   FAQ   Login  

Can you folk Help me out...I am drowning in Pop up ads!





AddThis Social Bookmark Button AddThis Feed Button

       2-spyware forum index -> HijackThis log analysis
Author Message
peggypwr1



Joined: 13 Jan 2007
Posts: 11
Post Post subject: Can you folk Help me out...I am drowning in Pop up ads! Reply with quote
Hello, I think I might have some Vundo infextion. These pop ups are relentless and slowing my system down. I donloaded VundoFix but it is not working. Here is my hi-jack log: Oh and thanks for your time

Logfile of HijackThis v1.99.1
Scan saved at 4:48:36 PM, on 3/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wwSecure.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINNT\Mixer.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\gmukh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
F3 - REG:win.ini: run=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170827827352
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HighPoint Storage Management Service (hptsvr) - Unknown owner - C:\Program Files\HighPoint Technologies, Inc.\HighPoint Storage Management Software\service\hptsvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\system32\wwSecure.exe
Sat Mar 03, 2007 12:43 am
Back to top
peggypwr1 View user's profile Send private message
 
GTO



Joined: 15 Nov 2005
Posts: 1519
Post Post subject: Reply with quote
Hi peggypwr1

I will move this thread to more appropriate forum section.
Sat Mar 03, 2007 11:54 am
Back to top
GTO View user's profile Send private message
 
GTO



Joined: 15 Nov 2005
Posts: 1519
Post Post subject: Reply with quote
Please do this:

1. Use HijackThis to fix the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=

2. Download the free version of SUPERAntiSpyware. Install the program, update its definitions and run a complete system scan.


P.S. Your system is not up-to-date! You have to install Microsoft Internet Explorer 6 Service Pack 1. Also apply all latest updates and security fixes.
Sat Mar 03, 2007 11:58 am
Back to top
GTO View user's profile Send private message
 
peggypwr1



Joined: 13 Jan 2007
Posts: 11
Post Post subject: Reply with quote
Hello here is my virus scan log: It found some trojans and vundo stuff. Do I need to go into safe mode?

Oh and I do have IE 6.0 w/SP1, I don't know why Hi-jack this is saying I have version 5.0?



SUPERAntiSpyware Scan Log
Generated 03/03/2007 at 12:13 PM

Application Version : 3.5.1016

Core Rules Database Version : 3193
Trace Rules Database Version: 1203

Scan type : Complete Scan
Total Scan Time : 00:47:18

Memory items scanned : 516
Memory threats detected : 2
Registry items scanned : 5171
Registry threats detected : 17
File items scanned : 29580
File threats detected : 105

Adware.Vundo Variant
C:\WINNT\SYSTEM32\FCCAW.DLL
C:\WINNT\SYSTEM32\FCCAW.DLL
HKLM\Software\Classes\CLSID\{9765660C-0AAF-4BA7-AC15-B19ABE866C8A}
HKCR\CLSID\{9765660C-0AAF-4BA7-AC15-B19ABE866C8A}
HKCR\CLSID\{9765660C-0AAF-4BA7-AC15-B19ABE866C8A}\InprocServer32
HKCR\CLSID\{9765660C-0AAF-4BA7-AC15-B19ABE866C8A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{C47A9554-195A-4769-9B13-04F15B450A39}
HKCR\CLSID\{C47A9554-195A-4769-9B13-04F15B450A39}
HKCR\CLSID\{C47A9554-195A-4769-9B13-04F15B450A39}\InprocServer32
HKCR\CLSID\{C47A9554-195A-4769-9B13-04F15B450A39}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9765660C-0AAF-4BA7-AC15-B19ABE866C8A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C47A9554-195A-4769-9B13-04F15B450A39}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\fccaw
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\khfgggg
HKCR\CLSID\{C47A9554-195A-4769-9B13-04F15B450A39}
C:\WINNT\SYSTEM32\JKKHGDD.DLL

Trojan.Downloader-WBRock
C:\WINNT\SYSTEM32\KHFGGGG.DLL
C:\WINNT\SYSTEM32\KHFGGGG.DLL

Adware.Tracking Cookie
C:\Documents and Settings\gmukh\Cookies\gmukh@winantivirus[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wgmiskdzcbp.stats.esomniture[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@stats1.reliablestats[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@ad.yieldmanager[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@count.exitexchange[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@2o7[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@www.drivecleaner[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@realmedia[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wfloundpibo.stats.esomniture[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@amaena[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@a[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wal4akd5ilq.stats.esomniture[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@enterprise.clickdefense[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@adlog.cdfreaks[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@drivecleaner[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@www.amaena[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@msnportal.112.2o7[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@indexstats[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@exitexchange[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@tacoda[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@stats.drivecleaner[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@cgi-bin[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@mediaplex[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@counter2.hitslink[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@revsci[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@statcounter[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@atwola[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@indiads[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@s[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@count2.exitexchange[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@ad.accelerator-media[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@divx.112.2o7[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@clickbank[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wjkyskcjago.stats.esomniture[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@nextag[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wjnysid5sdo.stats.esomniture[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@enhance[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@hitbox[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@statse.webtrendslive[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@ehg-maniatv.hitbox[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@ehg-meevee.hitbox[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@cpvfeed[2].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@advertising[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@sec1.liveperson[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\gmukh\Cookies\gmukh@e-2dj6wjnycjczggo.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adinterax[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mediaturf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.monster[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@c1.zedo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicktorrent[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfkoehczmdo.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfmyspd5wep.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfmyukd5afq.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjk4kicjaao.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnywjc5elq.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-viacom.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@nextag[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@phg.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexy-celebs.blogspot[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.clickmanage[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
C:\Documents and Settings\All Users\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\All Users\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\All Users\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\All Users\Cookies\administrator@msnportal.112.2o7[1].txt

Trojan.BZub-IPV6
HKCR\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}
HKCR\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}\InprocServer32
HKCR\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}\InprocServer32#ThreadingModel

Trojan.Downloader-Gen/LIB
C:\VUNDOFIX BACKUPS\LPSRKGLU.DLL.BAD

Trojan.Downloader-SpyTool
C:\VUNDOFIX BACKUPS\UTMHLVED.DLL.BAD
Sat Mar 03, 2007 8:25 pm
Back to top
peggypwr1 View user's profile Send private message
 
GTO



Joined: 15 Nov 2005
Posts: 1519
Post Post subject: Reply with quote
Hi peggypwr1

Remove all the pests SUPERAntiSpyware has found. Then restart your computer and run a new scan. If malware is still present, restart in Safe Mode and scan once again.
Sun Mar 04, 2007 8:49 am
Back to top
GTO View user's profile Send private message
 
       2-spyware forum index -> HijackThis log analysis All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Recommended software:
Spyware Doctor
(91/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
Malwarebytes Anti Malware
(89/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
Spy Sweeper
(85/100)
Spy Sweeper is one of the most powerful and effective spyware removers available today. This Webroot Software's product uses unique, patent-pending parasite detection and removal...
Windows Defender
(80/100)
Windows Defender is a free anti-spyware program made by the leading software company to add native spyware protection to its most popular product - the Microsoft Windows operating...
SUPERAntiSpyware
(75/100)
SUPERAntiSpyware is a powerful, highly effective spyware remover introducing advanced parasite detection and removal features along with reliable real-time protection. The program is not...
Encyclopedia of parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2007 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions. Forum powered by phpBB