Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [FIXED] Stupid Not Working Connection!!!

[Fixed] Hijackthis! Logs - [FIXED] Stupid Not Working Connection!!! posted in the Security & Safety forums; I know there is a similar thread here, but this is slightly different..... When I'm on the internet, I can go to certian pages, then all of a sudden my ...

JOIN US NOW to remove these Ads

PC Help Forum, the number one FREE computer support website in the search engines
Post New Thread  Reply
  #1  
Old 09-08-2005
Master J's Avatar
Bronze Member
  
Join Date: Jul 2005
Posts: 61
Master J - See this Members User comments on their Profile page
Default [FIXED] Stupid Not Working Connection!!!
I know there is a similar thread here, but this is slightly different.....

When I'm on the internet, I can go to certian pages, then all of a sudden my connection stops working, and I cant access pages, or use my connection at all! Then sometimes it will comeback, but it wont be long before it stops again!!!!

I tried reparing my connection, but I get a message saying "error clearing NetBT".

What is wrong!!! Please help me fix this as I'm basically paying for something that wont work most of the time!!!

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:14:25, on 08/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dwdbgkz.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcjbwhm] C:\WINDOWS\system32\dwdbgkz.exe r
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{06AB1F42-EB04-4132-B3E5-0BC207D7F324}: NameServer = 159.134.237.6 159.134.248.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB91F921-0417-480A-80ED-EC45A569210A}: NameServer = 62.231.32.10,62.231.32.11
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service? (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


__________________
"Empty your cup that it may be filled, become devoid to gain totality"
  #2  
Old 09-08-2005
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page
Default Re: Stupid Not Working Connection!!!
You have a nail infection there , Master J.


Please download the trial version of Ewido Security Suite here.
Install it, and update the definitions to the newest files. Do not run a scan yet.

Please download Nailfix from here.
Unzip it to the desktop but please do not run it yet.

And also download Ccleaner from here.


Before using Hijack This Can you please do this for me:


Show hidden files and folders:


For XP:

1.On the Tools menu in Windows Explorer, click Folder Options.
2.Click the View tab.
3.Under Hidden files and folders, click Show hidden files and folders.
4.If you see a warning message, click Yes.
5.Click Apply.
6.Click OK.


Then disable system restore to prevent re-infection.
(if you have/use it.)
(you can turn it back on when youre pc is clean).


How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.



Boot in Safe Mode (hit f8 when booting up) , and run the Nailfix by dubbleclicking on nailfix.cmd

Then please run Ewido, and run a full scan. Save the logfile from the scan.


Click Start>Run and type in: services.msc
Click OK
In the Services window find:

System Startup Service

Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open HJT and click config > misc tools > ?delete an NT service?
Copy and past:

SvcProc

Click OK.


Next please run HijackThis, click Scan, and check:


C:\WINDOWS\system32\dwdbgkz.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [mcjbwhm] C:\WINDOWS\system32\dwdbgkz.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Close all open windows except for HijackThis and click Fix Checked. And then delete the files in bold. (if still present)


Just to be sure run the Nailfix again... and now run cclreaner.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.




__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
  #3  
Old 09-09-2005
Master J's Avatar
Bronze Member
  
Join Date: Jul 2005
Posts: 61
Master J - See this Members User comments on their Profile page
Default Re: Stupid Not Working Connection!!!
I did everything as you said (wow!!! that cleaner program cleaned up over 700mb's of space!).....EXCEPT that System Startup Service thing. It said it couldnt access the registry or something. Was it really important?

Here's the logs, Hijack first:


Logfile of HijackThis v1.99.1
Scan saved at 18:33:27, on 09/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 83.141.125.184
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB91F921-0417-480A-80ED-EC45A569210A}: NameServer = 62.231.32.10,62.231.32.11
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 18:14:22, 09/09/2005
+ Report-Checksum: EB8A984E

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned without backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned without backup
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Cleaned without backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Cleaned without backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Cleaned without backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Cleaned without backup
HKU\S-1-5-21-725345543-1343024091-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned without backup
HKU\S-1-5-21-725345543-1343024091-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned without backup
:mozilla.9:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Xxxcounter : Cleaned without backup
:mozilla.10:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.11:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.12:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.13:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.14:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.15:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.16:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.17:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.18:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.19:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.20:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.21:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.22:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.23:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.26:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sextracker : Cleaned without backup
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sextracker : Cleaned without backup
:mozilla.42:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.53:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.56:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.57:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.58:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.59:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.60:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.66:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.67:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.74:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.78:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.79:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.80:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.81:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.82:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.83:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.98:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned without backup
:mozilla.100:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
:mozilla.104:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.119:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
:mozilla.120:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
:mozilla.122:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.123:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.124:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.139:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.140:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
:mozilla.141:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7gyvywxm.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
C:\Documents and Settings\user\Cookies\user@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\user\Cookies\user@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@ehg-warnerbrothers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\DHM\aurareco.exe -> Adware.BetterInternet : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\EHZ\aurareco.exe -> Adware.BetterInternet : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\PPL\aurareco.exe -> Adware.BetterInternet : Cleaned without backup
C:\Documents and Settings\user\Local Settings\Temp\res5BA.tmp -> Spyware.180Solutions : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\04C4CC32-CAA1-4880-B30D-164A3C\0E8BA185-F7B2-4ABC-B497-A76D1D -> Trojan.Agent.db : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\476191C7-4D45-49BB-B719-BA2360\A71E09F3-918B-430A-883D-2B9D42 -> Spyware.180Solutions : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7882C36A-4C1E-40E0-A921-FB1BB7\081BC975-C9BC-4DD9-A93D-9A0400 -> Spyware.MediaTickets : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\93F81BB6-96D4-40FE-9013-DD15D9\286E1057-0262-4AC4-8F33-B56DD5 -> TrojanDownloader.Small.asf : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B239D19E-3438-419D-9094-7A1A46\A47EB973-86F3-4FD1-8835-98A2D8 -> Trojan.Agent.db : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C1B06F99-A590-419A-8AE4-95415D\DD2D446D-A225-46C8-A183-5A8D8A -> Trojan.Agent.db : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE4AAF6C-4197-40BC-B6EB-51B16D\E0AC2771-42D8-412D-9269-6A97D9 -> Spyware.180Solutions : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CEB9AB91-231C-4730-8599-7A24ED\D11EBA49-096A-4E78-8EBB-6819AC -> Trojan.Agent.db : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F45A29B6-466A-45DA-A34D-E4CC0D\07EDA7FF-DB11-4A23-8498-429BA2 -> Trojan.Agent.db : Cleaned without backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned without backup
C:\Program Files\WinAce\winace.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\rqgkkbjoeeg.exe -> Adware.BetterInternet : Cleaned without backup
C:\WINDOWS\system32\emonceejuqq.exe -> Backdoor.Rbot : Cleaned without backup
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned without backup


::Report End


__________________
"Empty your cup that it may be filled, become devoid to gain totality"
  #4  
Old 09-09-2005
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page
Default Re: Stupid Not Working Connection!!!


If you fix this entry in safemode with hjt then youre clean The nail infection is gone.

O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)


And yes , removing the System Startup Service is importend but most of the time people recieve an error but the service is gone from hjt and services.msc so its still working.



Only one small prob , it looks like ewido made a mistake and disabled youre WinAce. Can you check if that still works?
If not you might have to install it again.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

Reply
New! Norton Internet Security 2008 – Download Now Click Here

Bookmarks

« [Pending] The Last Known Good Configuration | [FIXED] Windows Update problems »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 08:51 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top