Old 08-14-2005, 06:08 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Computer hijacked- please help

Computer has been hijacked yet again. Desktop has been changed to read: "Warning! Your computer might be infected with spyware or adware!! Strange homepage, popups, loss of important data and unstable functioning are the sure signs that you are infected. Click here to get the latest spyware removal software." There is also a strange icon in the tool bar that you cannot delete. I tried to do a system restore but the hijack still comes back. Here is my HiJack This log file. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:02:30 PM, on 8/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\avr.exe
C:\WINDOWS\System32\intell32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.udayton.edu/admission/VirTour/svideo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\iomegaaccess.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
joegar is offline  
Old 08-15-2005, 03:14 AM   #2 (permalink)
Moderator, Microsoft Support
 
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

Save the next instructions in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important you don't miss a step and perform everything in the right order!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

Place a shortcut to Panda ActiveScan on your desktop.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Download KillBox v2.0.0.175 - Save to desktop.

Download & Install CleanUp!

Download Ewido Security Suite - Install & Update its database but do not run it yet.

If you have not already installed Ad-Aware SE 1.06, download and update Ad-Aware SE Setup. Don't run it yet!


~~~~~~~~~~~~~~

Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
  • c:\windows\system\BHOmod.dll
  • C:\WINDOWS\System32\intell32.exe
Start KillBox.
  1. Go to the [File] menu, and choose [Paste from Clipboard].
    Verify that you've done this properly by clicking the dropdown-arrow next to the [Full Path of File to Delete] field. The filenames you pasted will be found in there.
  2. Select/tick the following:
    • "Delete on Reboot"
    • "End Explorer Shell While Killing File"
    • "Unregister .dll Before Deleting" if it's not grayed out.
  3. Click the RED X button.
  4. Click [Yes] at the 'Delete on Reboot' prompt. Click [Yes] at the Pending Operations prompt.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

~~~~~~~~~~~~~~

Reboot to SafeMode
  1. Shut Windows down, and then turn off the computer.
  2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the [Windows Advanced Options] menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

~~~~~~~~~~~~~~

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/gam...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...204&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab



~~~~~~~~~~~~~~

Enable the viewing of Hidden files
  1. Open Windows Explorer
  2. Go to Tools>Folder Options>View tab.
  3. Enable the option for "Show hidden files and folders"
  4. Disable the option for "Hide file extensions for known types"
  5. Disable the option for "Hide protected operating system files"
  6. click "Yes" to confirm & then click "OK"


Locate and delete the following file(s), if present:
c:\windows\system\BHOmod.dll
C:\WINDOWS\System32\intell32.exe
Search for & delete ... using "Start>Search..." the following file(s), if present:
gglib.exe
~~~~~~~~~~~~~~

Run CleanUp! & configure the program as follows:
  1. Click Options...
  2. Move the arrow down to Custom CleanUp!
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click OK
  5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup


~~~~~~~~~~~~~~

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

~~~~~~~~~~~~~~

Open Ad-aware and close ALL other windows.
  • Click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
    1. In the [General] window make sure the following are selected in green:
      1. Under [Safety]:
        • Automatically save log-file
        • Automatically quarantine objects prior to removal
        • Safe Mode (always request confirmation)
      2. Under [Definitions]:
        • Prompt to update outdated definitions - set the number of days = 7
  • Click on the [Scanning] button on the left and select in green:
    1. Under [Driver, Folders & Files]:
      • Scan Within Archives
    2. Under [Select drives & folders to scan]:
      • choose all hard drives
    3. Under [Memory & Registry]: all green
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URL’s
      • Scan my Hosts file
  • Click on the [Advanced] button on the left and select in green:
    1. Under [Shell Integration]:
      • Move deleted files to recycle bin
    2. Under [Logfile Detail Level]: all green
      • include additional object information
      • DeSelect - include negligible objects information
      • include environment information
    3. Under [Alternate Data Streams]:
      • Don't log streams smaller than 0 bytes
      • Don't log ADS with the following names: CA_INOCULATEIT
  • Click the [Tweak] button and select in green:
    1. Under [Scanning Engine]:
      • Unload recognized processes during scanning
      • Scan registry for all users instead of current user only
    2. Under [Cleaning Engine]:
      • Let Windows remove files in use at next reboot
    3. Under [Log Files]:
      • Include basic Ad-aware SE settings in logfile
      • Include additional Ad-aware SE settings in logfile
      • Please DeSelect: Include Module list in logfile
  • Click on [Proceed] to save the settings.
  • Click [Start]
  • Choose [Perform Full System Scan]
  • DeSelect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
  • Click [Next] and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
  • If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
  • Right-click on the list and choose Select All
  • Click the [Next] button to finish removing the items that were found

~~~~~~~~~~~~~~

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the Save report button
  • Save the report to your desktop
Close Ewido


~~~~~~~~~~~~~~

Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, smitfiles.txt and the Ewido Log.
Let us know if any problems persist.


Please visit this website - virusscan.jotti.org
Submit these file(s) for a comprehensive scan & then post the results back here.

c:\avr.exe
__________________


POADB is offline  
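
One way to check the [Fix checked] step in the post above once a follow-up log is available, as an added example that is not part of the original thread or of HijackThis. It matches entries by registry location, Run-key name or CLSID rather than by the whole line, because the forum shortens long URLs differently in each post; the three sample blocks are excerpts from this thread's logs and fix list, and the function names are illustrative.

```python
import re

# A HijackThis entry: section code (R0, O2, O4, O23, ...) + " - " + body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?: \[[^\]]*\])")  # e.g. HKLM\..\Run: [vmtuner]

# Excerpt from the first log in this thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
"""

# Excerpt from the helper's "Fix checked" list (note the different URL truncation).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
"""

# Excerpt from the follow-up log posted after the clean-up.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
"""


def entry_key(line):
    """Return (section, identity) for an entry line, or None for other lines.

    The identity leaves out the part that changes between posts (URLs,
    file paths) and keeps what names the entry: registry value, Run-key
    name, or everything up to and including the CLSID.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body)
    if clsid:
        ident = body[:clsid.end()]
    elif section == "O4" and run:
        ident = run.group(1)
    elif section[0] in "RFN" or section == "O4":
        # "key,value = data" or "shortcut.lnk = target"; data may be empty.
        ident = re.split(r"\s=(?:\s|$)", body, maxsplit=1)[0]
    else:
        ident = body.split(" - ", 1)[0]
    return section, ident.casefold()


def index_entries(text):
    """Map identity key -> original line for every entry found in text."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before_log, fix_list, after_log):
    """Classify each fix-list entry as removed, persisting or not in the original log."""
    before, after = index_entries(before_log), index_entries(after_log)
    report = {"removed": [], "persisting": [], "not_in_original": []}
    for key, line in index_entries(fix_list).items():
        if key not in before:
            report["not_in_original"].append(line)  # likely a transcription slip
        elif key in after:
            report["persisting"].append(after[key])
        else:
            report["removed"].append(line)
    return report


if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE_LOG, FIX_LIST, AFTER_LOG).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

In this sample the blank HKLM Start Page entry is the only fixed line that is still listed in the follow-up log.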
Old 08-15-2005, 05:24 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Thanks for your help. Below are the requested log files:

HijackThis Log-

Logfile of HijackThis v1.99.1
Scan saved at 7:23:57 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.udayton.edu/admission/VirTour/svideo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\iomegaaccess.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




smitfiles.txt-

smitRem log file
version 2.3

by noahdfear

The current date is: Mon 08/15/2005
The current time is: 17:28:06.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)


Pre-run Files Present


~~~ Program Files ~~~

PSGuard


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
wppp.html


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

uninstIU.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :( Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~






Ewido Log-

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:46:43 PM, 8/15/2005
+ Report-Checksum: 74EC7268

+ Scan result:

HKLM\SOFTWARE\PSguard.com -> Spyware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\PSguard.com\PSGuard -> Spyware.PSGuard : Cleaned with backup
[468] C:\WINDOWS\system32\OLEEXT.dll -> Trojan.Agent.ff : Cleaned with backup
[1128] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
[1608] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Error during cleaning
:mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\e81qo9t2.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Lauren Garvey\Application Data\Mozilla\Firefox\Profiles\3rprdin8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Lauren Garvey\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Martin Garvey\Application Data\Mozilla\Firefox\Profiles\dfjhjuiz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Roberta Garvey\Application Data\Mozilla\Firefox\Profiles\8dfyu7t5.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Roberta Garvey\Application Data\Mozilla\Firefox\Profiles\8dfyu7t5.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Roberta Garvey\Application Data\Mozilla\Firefox\Profiles\8dfyu7t5.default\cookies.txt -> Spyware.Cookie.Mysearch : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Roberta Garvey\Application Data\Mozilla\Firefox\Profiles\8dfyu7t5.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Roberta Garvey\Application Data\Mozilla\Firefox\Profiles\8dfyu7t5.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.6:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.7:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.14:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.19:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.42:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.43:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.44:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.45:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.69:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.89:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.104:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.110:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.113:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.114:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.115:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\William Garvey\Application Data\Mozilla\Firefox\Profiles\ds3yjrrb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\ntdetecd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\HJT\backups\backup-20050815-170953-607.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP588\A0039996.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP589\A0040014.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP589\A0040029.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP590\A0040045.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP590\A0040059.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP591\A0040077.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP592\A0040117.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP592\A0040118.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP593\A0040128.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041143.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041157.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041245.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041251.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP599\A0041594.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041604.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041908.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042300.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042349.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042360.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042362.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042371.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:uyetki -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DESKTOP.GRP:sgfbhj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Q828026.log:vpidy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:zpzfu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\gglib.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\kbdrv64.sys -> Backdoor.SdBot.zo : Cleaned with backup


::Report End

PandaScan- for some odd reason I ran Panda Scan twice and the window closed midway through each scan
joegar is offline  
Old 08-15-2005, 05:28 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Results from virusscan.jotti.org-

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
joegar is offline  
Old 08-16-2005, 03:09 AM   #5 (permalink)
Moderator, Microsoft Support
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Things are looking good.

Run HJT and fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =


If Panda is failing - try another online scanner:

Do an online scan at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Things are looking better already - are you experiencing any problems?
POADB is offline  
Old 08-16-2005, 05:07 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Thanks for your help. So far no problems.

Here are the results of the Kaspersky Scan:

KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 16, 2005 19:04:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135557
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 57487
Number of viruses found: 15
Number of infected objects: 94
Number of suspicious objects: 0
Duration of the scan process: 3157 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator.DF1PS211\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Administrator.DF1PS211\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Administrator.DF1PS211\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Administrator.DF1PS211\My Documents\Data\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Guest\My Documents\Data\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Joseph Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-792f2738.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Joseph Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-792f2738.zip Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip Infected: Trojan.Java.ClassLoader.d
C:\Program Files\SBITPlugin\114052.dlr Infected: Trojan-Proxy.Win32.Sobit.b
C:\Program Files\SBITPlugin\114052.exe Infected: Trojan-Downloader.Win32.Tibsem.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP594\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040426.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040427.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040428.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040429.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040433.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040461.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040834.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040835.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040837.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041131.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041138.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041139.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041140.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041172.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041173.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041205.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041206.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041207.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041208.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041209.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041525.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041526.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041527.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041528.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041529.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041530.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP599\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041614.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041615.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041616.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041617.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041897.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041898.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041903.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041904.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041934.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041935.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041944.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041945.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041948.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041949.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041950.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041951.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041953.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042262.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042263.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042267.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042268.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042291.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042292.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042309.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042310.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042311.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042312.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042313.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042314.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042353.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042365.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042398.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042401.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042402.dll Infected: Trojan-Downloader.Win32.Agent.li
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042403.OLD:zpzfu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042404.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042405.sys Infected: Backdoor.Win32.SdBot.zo
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042408.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042413.old Infected: Virus.Win32.Nsag.b
C:\WINDOWS\SYSTEM32\KVIF_7.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\SYSTEM32\KVIF_7.dll/data0004 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\SYSTEM32\KVIF_7.dll Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\SYSTEM32\Mservice.dll Infected: Trojan-Downloader.Win32.Wintrim.cj

Scan process completed.
joegar is offline  
Old 08-17-2005, 03:25 AM   #7 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Reboot into safe mode and remove the following files/folders in BOLD.

FOLDERS

C:\Documents and Settings\Administrator.DF1PS211\My Documents\Data
C:\Documents and Settings\Default User\My Documents\Data
C:\Documents and Settings\Guest\My Documents\Data
C:\Program Files\SBITPlugin

*note* By default, there is NO legit Data folder in "My Documents" unless you made it! Also, I need to confirm this is the name of your admin folder: Administrator.DF1PS211?

FILES

C:\WINDOWS\SYSTEM32\KVIF_7.dll
C:\WINDOWS\SYSTEM32\Mservice.dll


Clear Your Java Cache

1. From the Start button, click Settings > Control Panel
2. In the Control Panel, open the "Java Plug-in Control Panel"
3. Select the Cache Tab
4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory.

Now run Cleanup again and reboot/logoff when prompted.

Once back in normal Windows, run another Kaspersky scan and post its log.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 08-17-2005, 04:02 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Thanks for your help.

I believe Administrator.DF1PS211 is the name of the admin folder. DF1PS211 is the full computer name.

When looking for the folders to delete, the only data folders present are Application Data folders. Is that what I'm to delete?

When I tried to clear my Java Cache, there wasn't a Cache tab. I'm running version 1.5.0

Just wanted to be clear so I don't delete anything important.

Thanks.
joegar is offline  
Old 08-18-2005, 01:45 AM   #9 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


NO....DO NOT delete the Application Data folder. We are after the "Data" folder that's sitting in each of your users' "My Documents" folders. Make sure you can view these folders...

Quote:
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure System Restore is enabled by right-clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it's NOT checked. We want System Restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.
Example from my previous post....

C:\Documents and Settings\Guest\My Documents\Data <--that's the folder we want to delete.

So Click...
My Computer
Then the C:\ Drive
Then the Documents and Settings folder.
Then the Guest folder
Then the My Documents folder.

In that folder..will be a folder named Data. That's what we want to delete. Repeat the process with each of the users I listed in my last post.


If you can find the cache tab..then navigate to the folder...C:\Documents and Settings\Joseph Garvey\Application Data\Sun\Java\Deployment\cache <--delete ALL files in that folder!

Last edited by MicroBell; 08-18-2005 at 01:52 AM.
MicroBell is offline  
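
The sorting MicroBell does by hand in posts #7 and #9 (live files to delete versus copies held in System Restore points), as an added example that is not code from the thread or from Kaspersky. The sample lines are copied from the report in post #6; the function names and the assumption that every detection line has the form `path Infected: name` are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky report in post #6, plus one non-detection line.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe/data0002 Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\Guest\My Documents\Data\all_files4.exe Infected: Trojan.Win32.Scapur.g
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip Infected: Trojan.Java.ClassLoader.d
C:\Program Files\SBITPlugin\114052.exe Infected: Trojan-Downloader.Win32.Tibsem.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040426.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042403.OLD:zpzfu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042405.sys Infected: Backdoor.Win32.SdBot.zo
C:\WINDOWS\SYSTEM32\KVIF_7.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\SYSTEM32\KVIF_7.dll Infected: Trojan-Downloader.Win32.Keenval.e
Scan process completed.
"""

# Files under a System Restore point: ...\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def parse_line(line):
    """Split one report line into host file, archive member, stream and detection name."""
    line = line.strip()
    if " Infected: " not in line:
        return None  # header, statistics or blank line
    path, name = line.rsplit(" Infected: ", 1)
    # Windows paths use backslashes, so a "/" marks an object inside a container
    # (archive, installer, jar): everything before it is the file on disk.
    container, _, member = path.partition("/")
    # A colon after the drive letter marks an NTFS alternate data stream.
    rest, _, stream = container[2:].partition(":")
    return {
        "file": container[:2] + rest,
        "member": member or None,
        "stream": stream or None,
        "name": name.strip(),
    }


def triage(report):
    """Return (live, restore): live maps each on-disk file to its detection names,
    restore maps each restore point to the number of infected objects it holds."""
    live = defaultdict(set)
    restore = defaultdict(int)
    for raw in report.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        match = RESTORE_RE.match(rec["file"])
        if match:
            restore[match.group(1).upper()] += 1
        else:
            live[rec["file"]].add(rec["name"])
    return {path: sorted(names) for path, names in live.items()}, dict(restore)


if __name__ == "__main__":
    live_files, restore_points = triage(SAMPLE_REPORT)
    print("Files still on the live system:")
    for path, names in sorted(live_files.items()):
        print(f"  {path}  [{', '.join(names)}]")
    print("Infected objects held in restore points:")
    for rp, count in sorted(restore_points.items()):
        print(f"  {rp}: {count}")
```

Archive members such as `/data0002` and `/Matrix.class` collapse onto the one file that holds them, so the "live" list stays short even when the scanner reports many infected objects.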
Old 08-18-2005, 07:04 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


My latest Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 18, 2005 21:01:15
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/08/2005
Kaspersky Anti-Virus database records: 135870
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 56545
Number of viruses found: 12
Number of infected objects: 79
Number of suspicious objects: 0
Duration of the scan process: 2689 sec

Infected Object Name - Virus Name
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip Infected: Trojan.Java.ClassLoader.d
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP594\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040426.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040427.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040428.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040429.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\A0040433.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP595\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040461.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040834.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040835.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP596\A0040837.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041131.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041138.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041139.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041140.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041172.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP597\A0041173.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041205.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041206.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041207.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041208.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041209.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041525.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041526.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041527.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041528.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041529.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\A0041530.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP598\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP599\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041614.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041615.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041616.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041617.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041897.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041898.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041903.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041904.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041934.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041935.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041944.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041945.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041948.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041949.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041950.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041951.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\A0041953.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP600\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042262.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042263.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042267.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042268.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042291.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042292.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042309.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042310.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042311.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042312.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042313.dll Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042314.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042353.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042365.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042398.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042401.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042402.dll Infected: Trojan-Downloader.Win32.Agent.li
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042403.OLD:zpzfu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042404.exe Infected: Trojan-Clicker.Win32.Small.gj
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042405.sys Infected: Backdoor.Win32.SdBot.zo
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042408.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042413.old Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP603\A0042550.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP603\A0042550.dll/data0004 Infected: Trojan-Downloader.Win32.Keenval.e
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP603\A0042550.dll Infected: Trojan-Downloader.Win32.Keenval.e
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP603\A0042551.dll Infected: Trojan-Downloader.Win32.Wintrim.cj
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP604\A0042641.exe Infected: Trojan-Downloader.Win32.Tibsem.b

Scan process completed.
joegar is offline  
Old 08-18-2005, 08:16 PM   #11 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache <--delete all files in the folder

Well done. Your logs are clean. Any more issues? If not you should be good to go. When you disable and re-enable system restore in the steps below that should clear the rest of the bad guys located in that C:\System Volume Information\_restore folder.

We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours have passed. To create a new restore point follow the procedure below.
  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
  • Click OK



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Windows Update Page and install the latest service packs, patches and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:



In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles.
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Please respond to this thread one more time so we can mark this thread as resolved.
MicroBell is offline  
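Post #11 treats the detections in two groups: the Java plug-in cache, which is emptied by hand, and the `_restore` folder, which is cleared by turning System Restore off and back on. The script below is an added example, not part of the thread: it sorts "Infected:" lines from a report like the one in post #10 into those groups and flags anything that belongs to neither. The function names `triage` and `on_disk_file` are hypothetical, and the sample uses five lines from the report plus one constructed line.

```python
import re
from collections import defaultdict

# Five lines copied from the Kaspersky report in post #10, plus one
# constructed line (the last) showing a hit outside both known locations.
SAMPLE_REPORT = r"""
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\William Garvey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv761.jar-ce7b4d3-44fd9b59.zip Infected: Trojan.Java.ClassLoader.d
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP594\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.b
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP601\A0042403.OLD:zpzfu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP603\A0042550.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\example-constructed.dll Infected: Trojan.Win32.Small.ev
"""

LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
JAVA_CACHE = re.compile(r"\\Application Data\\Sun\\Java\\Deployment\\cache\\", re.I)

# Remediation per location, as given in the thread.
ACTIONS = {
    "java_cache": "delete all files in the Java Deployment cache folder",
    "system_restore": "turn System Restore off, apply, then back on",
    "live_filesystem": "not covered by either step; review separately",
}

def on_disk_file(path):
    """Reduce a reported object to the file that actually sits on disk.

    The scanner lists archive members as 'file.zip/Member' and NTFS
    alternate data streams as 'file:stream:$DATA'; both suffixes are cut.
    """
    path = path.split("/", 1)[0]
    drive, rest = path[:2], path[2:]          # keep the 'C:' colon
    return drive + rest.split(":", 1)[0]

def triage(report):
    """Group detections by location; return {location: {files, names, points}}."""
    buckets = defaultdict(lambda: {"files": set(), "names": set(), "points": set()})
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                           # headers, blanks, statistics
        path, name = m["path"], m["name"]
        rp = RESTORE.search(path)
        if rp:
            key = "system_restore"
            buckets[key]["points"].add(rp.group(1))
        elif JAVA_CACHE.search(path):
            key = "java_cache"
        else:
            key = "live_filesystem"
        buckets[key]["files"].add(on_disk_file(path))
        buckets[key]["names"].add(name)
    return dict(buckets)

if __name__ == "__main__":
    for location, found in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(found['files'])} file(s), "
              f"{sorted(found['names'])} -> {ACTIONS[location]}")
```

The file count per group can be lower than the number of report lines, because the scanner lists an archive and each infected member inside it as separate objects.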
Old 08-19-2005, 04:52 PM   #12 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 41
OS: WinXP


Awesome. Thanks for all your help.
joegar is offline  
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum