kleptoned

  1. Here's my Ewido log:
     ---------------------------------------------------------
     ewido anti-spyware - Scan Report
     ---------------------------------------------------------
     + Created at: 8:19:18 PM 8/29/2006
     + Scan result:
     C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
     C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\mit1A.tmp.cab/NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\mit1A.tmp/NNBar_VCSetup_876072.exe -> Adware.Mirar : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\i8A.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKU\S-1-5-21-57989841-706699826-854245398-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKU\S-1-5-21-57989841-706699826-854245398-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\a58c8a4a.exe -> Downloader.Small : Cleaned with backup (quarantined).
     C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Local Settings\Temp\bl4ck.com -> Downloader.Small.dmj : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\a.exe -> Downloader.Small.dmj : Cleaned with backup (quarantined).
     C:\Program Files\Common Files\Microsoft Shared\Proof\timeupdate.exe -> Proxy.Small : Cleaned with backup (quarantined).
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Findwhat : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Kmpads : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected]t.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Targetnet : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
     C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
     C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
     C:\WINDOWS\sys09546117727.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
     C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
     C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
     ::Report end
     And my new HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 8:29:40 PM, on 8/29/2006
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Stardock\SDMCP.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\ewido anti-spyware 4.0\guard.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Eset\nod32krn.exe
     C:\Program Files\Prevx1\PXAgent.exe
     C:\Program Files\Opera\opera.exe
     C:\Program Files\HijackThis\HijackThis.exe
     C:\Program Files\HijackThis\HijackThis.exe
     R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
     O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
     O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
     O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll (file missing)
     O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
     O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O15 - Trusted Zone: *.media-motor.net
     O15 - Trusted Zone: *.mmohsix.com
     O15 - Trusted Zone: http://click.getmirar.com (HKLM)
     O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
     O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
     O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
     O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
     O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
     O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
     O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
     O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
     O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
     Hope this is enough info for y'all to help me... Thanks in advance...
  2. I have a process running Duce6.exe and keep getting a million popups... Here's my HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 6:19:13 PM, on 8/29/2006
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\logonui.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Stardock\SDMCP.exe
     C:\Program Files\Prevx1\PXAgent.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\thiselt.exe
     C:\WINDOWS\Duce6.exe
     C:\Program Files\Common Files\{208D185F-05D7-1033-0425-011207000001}\Update.exe
     C:\WINDOWS\sys01461177275.exe
     C:\Program Files\Opera\opera.exe
     C:\HijackThis.exe
     R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
     O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
     O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsz95.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
     O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
     O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
     O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
     O4 - HKLM\..\Run: [sys01461177275] C:\WINDOWS\sys01461177275.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O15 - Trusted Zone: *.elitemediagroup.net
     O15 - Trusted Zone: *.media-motor.net
     O15 - Trusted Zone: *.mmohsix.com
     O15 - Trusted Zone: http://click.getmirar.com (HKLM)
     O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
     O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
     O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
     O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
     O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
     O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} - http://209.190.16.26/webnetcounters/PopupSh.ocx
     O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
     O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
     O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
     Help me please...