·
Registered
Joined
·
14 Posts
Discussion Starter #1
What you get when you have popups, malware and trojans on my computer.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:40 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwebzone.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CA4CA9F9-C0E6-E28B-C54A-5C5376E4338A} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [ctbienc] C:\WINDOWS\ctbienc.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [wjvkudn] C:\WINDOWS\wjvkudn.EXE
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [AVTray] "C:\Program Files\WinAntiVirus 2006 Pro\AVTray.exe"
O4 - HKLM\..\Run: [rdsodll] C:\WINDOWS\rdsodll.EXE
O4 - HKLM\..\Run: [ypoyenc] C:\WINDOWS\ypoyenc.EXE
O4 - HKLM\..\Run: [Media Gateway] C:\DOCUME~1\Owner\LOCALS~1\Temp\MediaGateway.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ovdd] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [96k7avii] C:\WINDOWS\system32\96k7avii.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [MediaGateway.exe] C:\WINDOWS\system32\MediaGateway.exe
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [ovùõš/‚²‘ÆßfÏNb‰»9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gdehwv] C:\WINDOWS\gdehwv.exe
O4 - HKLM\..\Run: [ProSiteFinder] "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O4 - HKCU\..\Run: [qiko] C:\PROGRA~1\COMMON~1\qiko\qikom.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [dplbex] C:\WINDOWS\system32\dplbex.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{BE371361-4E24-491F-873E-E93392F97E58}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O4 - Startup: Registration Brothers In Arms.LNK = L:\Support\Register\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: nnpn.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/237/webolr/OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\MBC71ESP.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pwyrrkk.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ctbisvc.exe
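
A small triage pass over the HijackThis log format shown in the post above, as an added example; it is not part of the original thread and not HijackThis's own logic. The sample lines are copied from that log, while the function names and the heuristics are assumptions chosen for illustration, and a flag means "look closer", not "malicious".

```python
import re
from collections import defaultdict

# A few lines copied from the log above (not the whole log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pwyrrkk.exe
"""

# O4 = autostart entries: hive, key (Run, RunOnce, ...), value name, command line.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# O23 = services: display name, owner string, image path.
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
USUAL_EXTENSIONS = ("exe", "dll", "com", "bat", "cmd")


def image_path(command):
    """Best-effort extraction of the program path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces, so stop at the first ".ext" that is
    # followed by whitespace or end of line instead of splitting on spaces.
    m = re.match(r"(.*?\.\w{2,4})(?=\s|$)", command)
    return m.group(1) if m else command


def triage(log_text):
    """Return {entry label: [reasons]} for entries that deserve a closer look."""
    runs, findings = [], defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, key, name, cmd = m.groups()
            runs.append((f"{hive} {key} [{name}]", image_path(cmd).lower()))
        elif m := SVC_RE.match(line):
            name, owner, _path = m.groups()
            if owner.lower() == "unknown owner":
                findings[f"Service {name}"].append("owner reported as unknown")

    by_image = defaultdict(list)
    for label, image in runs:
        by_image[image].append(label)

    for label, image in runs:
        if "\\temp\\" in image:
            findings[label].append("starts from a Temp directory")
        filename = image.rsplit("\\", 1)[-1]
        ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
        if ext not in USUAL_EXTENSIONS:
            findings[label].append(f"unusual or missing extension '{ext}'")
        if len(by_image[image]) > 1:
            findings[label].append("same file registered under several value names")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry}: {'; '.join(reasons)}")
```
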
 

·
Registered
Joined
·
1,462 Posts
FIRST, we will clear out the basics....


Please print out or save this page to your desktop in order to assist you when carrying out the following instructions.

Downloads
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
DO NOT RUN A SCAN YET

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (http://www.geekstogo.com/modules.php?modid=5&action=download&id=49) and install it. DO NOT RUN IT YET

Download the Istbar Removal tool (http://securityresponse.symantec.com/avcenter/FxIstbar.exe). DO NOT RUN IT YET

Download LQfix (http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.zip), save it to your desktop, and extract the files. DO NOT RUN IT YET

Download Killbox. DO NOT RUN IT YET


Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


View Hidden Files and Folders
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
vidctrl
TagASaurus
Media Gateway
web rebates
Surf Accuracy
Internet Optimizer
BullsEye Networks
180 Search Assistant
PowerScan
ProSiteFinder
Side Find
BT2Net
WeatherBug
- it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below. For a safer alternative please see here: http://www.theweathernetwork.com/inter/weathercentre/index.htm


Run Ewido Security Suite
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite

In the LQFix folder, double-click on LQFix.bat. A DOS window will open and close again; this is normal.

Run the Symantec Istbar Removal Tool and follow the prompts for removal.


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwebzone.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50196
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwebzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CA4CA9F9-C0E6-E28B-C54A-5C5376E4338A} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [ctbienc] C:\WINDOWS\ctbienc.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [wjvkudn] C:\WINDOWS\wjvkudn.EXE
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [rdsodll] C:\WINDOWS\rdsodll.EXE
O4 - HKLM\..\Run: [ypoyenc] C:\WINDOWS\ypoyenc.EXE
O4 - HKLM\..\Run: [Media Gateway] C:\DOCUME~1\Owner\LOCALS~1\Temp\MediaGateway.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ovdd] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [96k7avii] C:\WINDOWS\system32\96k7avii.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [MediaGateway.exe] C:\WINDOWS\system32\MediaGateway.exe
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [ovùõš/‚²‘ÆßfÏNb‰»9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofurfhu.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gdehwv] C:\WINDOWS\gdehwv.exe
O4 - HKLM\..\Run: [ProSiteFinder] "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O4 - HKCU\..\Run: [qiko] C:\PROGRA~1\COMMON~1\qiko\qikom.exe
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [dplbex] C:\WINDOWS\system32\dplbex.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{BE371361-4E24-491F-873E-E93392F97E58}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/2...OCX/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
*** CHECK ALL O18 ENTRIES EXCEPT THE SECOND ENTRY***
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pwyrrkk.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ctbisvc.exe

Please remember to close all other windows, including browsers then click Fix checked.


FOR THE FOLLOWING, DO NOT REBOOT UNTIL WE RUN CLEANUP!

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Select all the files below with your cursor and right click and choose Copy. Then go to "File" and select Paste from Clipboard. Click Yes at the 'Pending Operations prompt' if you see it:
C:\WINDOWS\system32\richup.exe
C:\WINDOWS\ctbidll.EXE
C:\WINDOWS\ctbienc.EXE
C:\WINDOWS\wjvkudn.EXE
C:\WINDOWS\system32\testit.exe
C:\WINDOWS\system32\mmxp2passion.exe
C:\WINDOWS\exe82.exe
C:\WINDOWS\system32\mediapluscash.exe
C:\WINDOWS\sys025182495311.exe
C:\WINDOWS\rdsodll.EXE
C:\WINDOWS\ypoyenc.EXE
C:\WINDOWS\ofurfhu.exe
C:\WINDOWS\system32\96k7avii.exe
C:\WINDOWS\ms048249531151.exe
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\MediaGateway.exe
C:\WINDOWS\system32\cashfortool.exee
C:\WINDOWS\ofurfhu.exe
C:\WINDOWS\gdehwv.exe
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\system32\dplbex.exe
C:\Program Files\Common Files\mc-58-12-0000106.exe
C:\WINDOWS\pwyrrkk.exe
C:\WINDOWS\ctbisvc.exe
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



Now Open HiJackThis and go to: Config | Misc. Tools | Delete an NT Service... and enter the following:
Windows Overlay Components then click "OK" and "No" when it asks you to reboot. Click the Delete an NT Service... button again, and now Enter: Windows VisFx Components then click "OK" and "No" when it asks you to reboot.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\E2G\
C:\WINDOWS\system32\vidctrl\
C:\Program Files\TagASaurus\
C:\WINDOWS\SysCheckBop32\
C:\Program Files\ISTsvc\
C:\Program Files\SurfAccuracy\
C:\Program Files\Internet Optimizer\
C:\Program Files\BullsEye Network\
c:\program files\180searchassistant\
C:\Program Files\Power Scan\
C:\Program Files\Web_Rebates\
C:\Program Files\ProSiteFinder\
C:\Program Files\Common Files\Windows\
C:\PROGRA~1\COMMON~1\qiko\
C:\Program Files\SideFind\
C:\PROGRA~1\AWS\
ALCXMNTR.EXE <-- Search for and delete via "start || Search"
AUNPS2.DLL <-- Search for and delete via "start || Search"


Run CleanUp! Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
      • Empty Recycle Bins
      • Delete Cookies
      • Delete Prefetch files
      • Scan local drives for temporary files (Please uncheck this option)
      • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. NOW Reboot/logoff when prompted.



Reboot your system in Normal Mode.


Further Scanning
Please run a Scan at the Following site
Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available.
At the end of this scan you will be given the option to save a log from the scan -SAVE THAT LOG- and post it here.

Please post a fresh HijackThis log & the Log from Panda & the log from Ewido so that we can check if your system is clean.
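The follow-up check requested above (compare the fresh HijackThis log with the entries that were marked for fixing) can be scripted; the Python below is an added example and not part of the original thread. The function names and the three sample texts are assumptions: the samples are constructed, reusing a few lines from the logs in this thread, and the fresh log is hard-wrapped the way pasted logs often are.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". After the first entry, any other non-blank line is
# treated as the wrapped tail of the previous entry.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Sections that load code automatically: BHOs, Run keys/Startup,
# Winlogon Notify, NT services.
AUTOSTART_CODES = {"O2", "O4", "O20", "O23"}

# Constructed sample: excerpt of a first log (header lines are ignored).
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ctbisvc.exe
"""

# Constructed sample: entries the helper asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
*** CHECK ALL O18 ENTRIES EXCEPT THE SECOND ENTRY***
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ctbisvc.exe
"""

# Constructed sample: fresh log pasted with hard line wraps.
FRESH_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: pjwnjgjua - Unknown owner -
C:\WINDOWS\system32\jgjua\pjwn.exe
"""


def parse_entries(text):
    """Return [(code, body)] with hard-wrapped lines folded into their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or helper note
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Continuation line. The wrap may have fallen on a space or in the
            # middle of a word, so join with a space for display only.
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def entry_key(entry):
    """Comparison key that ignores case and all whitespace (wrap-safe)."""
    code, body = entry
    return code + "|" + re.sub(r"\s+", "", body).lower()


def still_present(fix_list, fresh_log):
    """Entries from the fix list that appear again in the fresh log."""
    fresh = {entry_key(e) for e in parse_entries(fresh_log)}
    return [e for e in parse_entries(fix_list) if entry_key(e) in fresh]


def new_autostarts(previous_log, fresh_log):
    """Autostart entries in the fresh log that the previous log did not have."""
    previous = {entry_key(e) for e in parse_entries(previous_log)}
    return [e for e in parse_entries(fresh_log)
            if e[0] in AUTOSTART_CODES and entry_key(e) not in previous]


if __name__ == "__main__":
    print("Marked for fixing but still present:")
    for code, body in still_present(FIX_LIST, FRESH_LOG):
        print("  %s - %s" % (code, body))
    print("Autostart entries not seen in the previous log (review these):")
    for code, body in new_autostarts(FIRST_LOG, FRESH_LOG):
        print("  %s - %s" % (code, body))
```

An entry listed as new is only a candidate for review, not a verdict; legitimate software installed between the two scans shows up the same way.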
 

·
Registered
Joined
·
14 Posts
Discussion Starter #4
I couldn't do the Panda scan with my web browsers. I tried IE as well and didn't get anything, but here is my new HijackThis log you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 4:54:13 PM, on 9/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\jgjua\pjwn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\kadusl.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: bpkomxgbilic - Unknown owner - C:\WINDOWS\system32\ilic\bpkomxgb.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

·
Registered
Joined
·
14 Posts
Discussion Starter #6
Here is the ewido log from the first scan.

ewido security suite - Scan report
+ Created on: 1:59:25 PM, 9/25/2005
+ Report-Checksum: 81FED11D
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{1E432263-6841-4653-8F02-366A2F77E339} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} -> Spyware.WindowsSearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CLSID -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CurVer -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.Band\CurVer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CLSID -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CurVer -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenSaver Manager -> Spyware.LZIO : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000020DD-C72E-4113-AF77-DD56626C6C42} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000607D-D204-42C7-8E46-216055BF9918} -> Spyware.TwainTech : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000277A3-7D84-406A-9799-D12A81594693} -> Spyware.SearchFast : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -> Spyware.PeopleOnPage : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{120E090D-9136-4B78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} -> Spyware.LinkReplacer : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} -> Spyware.WindowsSearchBar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} -> Spyware.WindowsSearchBar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC378B83-9577-44D0-B4F8-0DD965E176FC} -> Spyware.Esyndicate : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3 -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3\eeennn -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3\kkws -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3\ppops -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3\reel -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\_rtneg3\ssites -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
[776] C:\WINDOWS\system32\ahmlib.dll -> Spyware.Look2Me : Error during cleaning
[924] C:\WINDOWS\system32\ahmlib.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\actalert[1].exeawaoqvyy -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\aunps2.dllqzvxfkyy -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\bbrbqco.exewekhnxnd -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\cornseedb.exeihjeioib -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\gui.exeaawzdddr -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\installaps.exeapagyprx -> TrojanDropper.Agent.lu : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\jkill.exeptohgdxb -> Spyware.VX2 : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63.ocxceneyvoy -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63.ocxlsbjfoud -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63.ocxqxzpqotf -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63[1].ocxcpomclgo -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63[1].ocxlamsbblz -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63[1].ocxxbqddqpc -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\mm63[1].ocxzsumfqxa -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\optimize[1].exemplkmjrt -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\optimize[1].exexbqddqpc -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\optimize[1].exezuynmqxt -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\rkdmd.exewrdavnrk -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xql.exequwcnkvk -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\zcfed.exejynbzgzp -> Spyware.180Solutions : Cleaned with backup
:mozilla.9:C:\Documents and Settings\limited\Application Data\Mozilla\Firefox\Profiles\0fu82zib.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\limited\Application Data\Mozilla\Firefox\Profiles\0fu82zib.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\limited\Application Data\Mozilla\Firefox\Profiles\0fu82zib.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\limited\Application Data\Mozilla\Firefox\Profiles\0fu82zib.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\limited\Application Data\Mozilla\Firefox\Profiles\0fu82zib.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\limited\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\limited\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\limited\Local Settings\Temp\79d30M.exe -> TrojanDownloader.IstBar.kp : Cleaned with backup
C:\Documents and Settings\limited\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\limited\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\limited\Local Settings\Temp\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FOUG7PCU\tb3[1].cab/toolbar.dll -> Spyware.IBIS : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q5B8EPC0\common[1].cab/common.dll -> Spyware.IBIS : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VUTNXBH2\TBPS[1].cab/TBPS.exe -> Spyware.IBIS : Error during cleaning
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SNGBUVK1\!update-2524[1].0000 -> TrojanDownloader.PurityScan.an : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.j8s\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies-1.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.590:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.591:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.775:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.777:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.781:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.814:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.825:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.839:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.841:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.844:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.861:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.867:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.877:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.887:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.889:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.897:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.916:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.920:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.938:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.944:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application
 

Discussion Starter #7
continued
Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\9oarcv4r.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Casinopays : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected]ter.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Internet Optimizer\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\23.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\131586_2848_2128_1396_69.41.tmp -> Trojan.EliteBar.c : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\180sainstallersilsais1.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\180sainstallersilsais1.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\197468_3728_2680_2952_69.41.tmp -> Trojan.EliteBar.c : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\a5JwW4.exe -> TrojanDownloader.IstBar.kp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\DelD2.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\g6QdxV.exe -> TrojanDownloader.IstBar.kp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\N9FVN2QP.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\res41.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\res8E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\sahagent.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\update.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[6].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PQFG5IJ\AppWrap[7].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4TUJKLYB\istdownload[1].exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OP2FSH6J\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OP2FSH6J\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OP2FSH6J\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OP2FSH6J\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OP2FSH6J\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[5].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WXMNOD2R\AppWrap[6].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\LemonadeTycoonSetup-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\Monopoly3-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\MonopolyVegas-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\Scrabble_Setup-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\TacticalOpsSetup-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Games\TheGameOfLife-dm.exe -> Spyware.Trymedia : Cleaned with backup
:mozilla.6:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.10:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.11:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.16:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.17:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.20:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.22:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.25:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.28:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.29:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.35:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.44:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.47:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\samuel\Application Data\Mozilla\Firefox\Profiles\6gm24f1b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.6:C:\Documents and Settings\samuel\Application Data\Mozilla\Profiles\default\g3l9f2pl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\samuel\Application Data\Mozilla\Profiles\default\g3l9f2pl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\samuel\Application Data\Mozilla\Profiles\default\g3l9f2pl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\samuel\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\samuel\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\samuel\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\samuel\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\djtopr1150.exe -> Spyware.WebRebates.g : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\jkill.exe -> Spyware.VX2 : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Temporary Internet Files\Content.IE5\2NQRJ0WF\istdownload[1].exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Temporary Internet Files\Content.IE5\2NQRJ0WF\mm63[1].ocx -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\samuel\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZE4YOEVT\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Downloads\DTRPinball-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> TrojanDownloader.PurityScan.an : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\Installer\dlinst.dll -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\Installer\eaccel_updater.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Common Files\qiko\qikoa.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\qiko\qikop.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
C:\Program Files\Ftk\f.bak -> Spyware.FlashEnhancer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3DB8BA44-F9AB-43BF-B357-FCA415\A38E97E4-AF21-4304-8A34-BB3FC1 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\782C3A8A-48EC-4D77-AF0D-0ECD8E\75158DC7-C88F-48E3-8725-B2528D -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B287C316-2A04-40AF-9B84-F04C9D\F8E55D7C-C804-440C-AA4F-E2615F -> Adware.SAHA : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D7C86AC1-3033-4388-BF23-4FBC2A\A944C2C2-6B45-42D5-A4DA-C5D291 -> Adware.SAHA : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D7C86AC1-3033-4388-BF23-4FBC2A\E8FBCE27-206C-49EF-A0A6-BC1B38 -> Adware.SAHA : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F2C57677-AB0D-483C-8075-E99942\B5B0800E-0E04-47E2-B535-9D1438 -> Spyware.MySearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F6E1C15B-0A0E-44A2-9CC7-D708B6\58C80EBB-04EF-444D-B882-E3F34C -> Adware.SAHA : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\068B88C4 -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\files.ini -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm -> Spyware.Need2Find : Cleaned with backup
C:\temp\180Pack6480.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\ctbisvc.exe -> TrojanDropper.Agent.mu : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup
C:\WINDOWS\exe82.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\mm63.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\offun.exe -> TrojanDownloader.VB.hw : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\pss\nnpn.exeCommon Startup -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\pwyrrkk.exe -> TrojanDropper.Agent.tb : Cleaned with backup
C:\WINDOWS\rdsodll.exe -> TrojanDownloader.VB.hj : Cleaned with backup
C:\WINDOWS\sngsh33.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\SysCheckBop32.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\2bundle.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\bbrbqco.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\ccfgnt75.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\ciodm943.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\cziconfg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dattex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINDOWS\system32\djconxp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\EDameEncrypt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\efentlog.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\egentlog.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fxsrdd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\HookPopup.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\iezset.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\iufxexps.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\LwbbyHook.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MBC71ESP.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mediapluscash.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\mmxp2passion.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\WINDOWS\system32\mscjjn.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\system32\MTE2NzY6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\myxml.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ngsh33.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\system32\nzwrsfi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\padx5032.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ppbpy.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\PreUninstall.exe -> Spyware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\qtsname.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rckd\argak.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\sprnggus\meijsbw.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\testit.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\WINDOWS\system32\Tqwrwj.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\uznphost.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\visyi.dll -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\visyid.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\system32\xdire_lsp_8742.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system320nsy4880 -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> TrojanDownloader.PurityScan.an : Cleaned with backup
C:\WINDOWS\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\WINDOWS\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected].yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\WINDOWS\Temp\iBD.tmp -> Spyware.SurfSide : Cleaned with backup
C:\WINDOWS\Temp\jfghjfgudk.exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\WINDOWS\Temp\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\qlqbypc.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\Temp\res67.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res77.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0YP8ILB4\!update-2534[1].0000 -> TrojanDownloader.PurityScan.an : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9JJOZF6S\autoupgrader2[1] -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9JJOZF6S\maxifilesdns[1].zip/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\WINDOWS\TMP_FILE_1.tmp -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup
C:\WINDOWS\wjvkudn.exe -> TrojanDownloader.VB.hw : Cleaned with backup
C:\WINDOWS\ypoyenc.exe -> TrojanDownloader.VB.hj : Cleaned with backup
 

·
Registered
Joined
·
1,462 Posts
You have several traces of Look2Me, I would just like to ensure we removed ALL of them.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
 

·
Registered
Joined
·
14 Posts
Discussion Starter #9
Here ya go.

Logfile of HijackThis v1.99.1
Scan saved at 8:48:20 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{CA4CA9F9-C0E6-E28B-C54A-5C5376E4338A} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: SDWin32 Class - {87C4C2C2-330A-4154-9001-968D1E04885F} - C:\WINDOWS\system32\crwtf.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C86F9CB0-46EF-9009-AEC0-8F21DBADF551} - C:\WINDOWS\Mgmpgrbw.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [cashplusmedia1.exe.exe] C:\WINDOWS\system32\cashplusmedia1.exe.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: bpkomxgbilic - Unknown owner - C:\WINDOWS\system32\ilic\bpkomxgb.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 812 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 820 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\dwvoice.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dwvoice.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kadusl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kadusl.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\dwvoice.dll
Successfully Deleted: C:\WINDOWS\system32\dwvoice.dll
deleting: C:\WINDOWS\system32\dwvoice.dll
Successfully Deleted: C:\WINDOWS\system32\dwvoice.dll
deleting: C:\WINDOWS\system32\kadusl.dll
Successfully Deleted: C:\WINDOWS\system32\kadusl.dll
deleting: C:\WINDOWS\system32\kadusl.dll
Successfully Deleted: C:\WINDOWS\system32\kadusl.dll


Zipping up files for submission:
adding: dwvoice.dll (188 bytes security) (deflated 48%)
adding: gdiplus.dll (148 bytes security) (deflated 43%)
adding: kadusl.dll (188 bytes security) (deflated 48%)
adding: clear.reg (188 bytes security) (deflated 60%)
adding: asdf.txt (188 bytes security) (deflated 60%)
adding: crash.txt (188 bytes security) (deflated 25%)
adding: dbg.txt (188 bytes security) (deflated 55%)
adding: dvdlog.txt (188 bytes security) (deflated 58%)
adding: graph.txt (188 bytes security) (deflated 66%)
adding: lo2.txt (188 bytes security) (deflated 72%)
adding: test.txt (188 bytes security) (deflated 68%)
adding: test2.txt (188 bytes security) (deflated 41%)
adding: test3.txt (188 bytes security) (deflated 41%)
adding: test5.txt (188 bytes security) (deflated 41%)
adding: xfind.txt (188 bytes security) (deflated 65%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: dwvoice.dll
deleting local copy: dwvoice.dll
deleting local copy: kadusl.dll
deleting local copy: kadusl.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dwvoice.dll
C:\WINDOWS\system32\dwvoice.dll
C:\WINDOWS\system32\kadusl.dll
C:\WINDOWS\system32\kadusl.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A61C146A-E317-4823-8086-6C97A9EDDA99}"=-
"{885DF8ED-0A3E-4341-A88E-C10D1EA5D276}"=-
"{70869E29-35B6-43B4-997A-D8BDB442B91E}"=-
"{BBB0ED82-D8C6-41C7-807E-BB81BE729598}"=-
"{22B8219C-9193-4EDF-A213-B006B99792BB}"=-
"{5339AEE6-CDE7-4AD1-9FA4-098E3BFB07AD}"=-
"{21502262-4C72-4854-B38D-4FCAD36C7918}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A61C146A-E317-4823-8086-6C97A9EDDA99}]
[-HKEY_CLASSES_ROOT\CLSID\{885DF8ED-0A3E-4341-A88E-C10D1EA5D276}]
[-HKEY_CLASSES_ROOT\CLSID\{70869E29-35B6-43B4-997A-D8BDB442B91E}]
[-HKEY_CLASSES_ROOT\CLSID\{BBB0ED82-D8C6-41C7-807E-BB81BE729598}]
[-HKEY_CLASSES_ROOT\CLSID\{22B8219C-9193-4EDF-A213-B006B99792BB}]
[-HKEY_CLASSES_ROOT\CLSID\{5339AEE6-CDE7-4AD1-9FA4-098E3BFB07AD}]
[-HKEY_CLASSES_ROOT\CLSID\{21502262-4C72-4854-B38D-4FCAD36C7918}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

 

·
Registered
Joined
·
1,462 Posts
Please print out or save this page to your desktop in order to assist you when carrying out the following instructions.

Notes
Things aren't changing here...
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
If you are disabling things in MSConfig, please re-enable everything! This is hindering our fix.

Downloads
Download fix.txt from the attachment at the bottom of this post, save it to your desktop, then right-click it and rename it to Fix.bat.

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
SurfSideKick
tagasaurus
media Access
"DNS" or "content catcher"


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{CA4CA9F9-C0E6-E28B-C54A-5C5376E4338A} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: SDWin32 Class - {87C4C2C2-330A-4154-9001-968D1E04885F} - C:\WINDOWS\system32\crwtf.dll (file missing)
O2 - BHO: (no name) - {C86F9CB0-46EF-9009-AEC0-8F21DBADF551} - C:\WINDOWS\Mgmpgrbw.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [cashplusmedia1.exe.exe] C:\WINDOWS\system32\cashplusmedia1.exe.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe
O23 - Service: bpkomxgbilic - Unknown owner - C:\WINDOWS\system32\ilic\bpkomxgb.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe

Please remember to close all other windows, including browsers then click Fix checked.


Run Downloaded Programs
Run/double-click Fix.bat. A DOS window will open and close; this is normal.

File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

AUNPS2.DLL <-- search for and delete via Start | Search


Reboot your system in Normal Mode.


Please post a fresh Hijack This log so that we can check if your system is clean.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #11
Ya, about the msconfig: I messed with it some time ago, and the start bar at the bottom is grey and looks like my old computer (I think it was Windows 98 or something). How do I fix msconfig for it? I enabled everything and it didn't help.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #13
When I downloaded the Fix.txt and renamed it to fix.bat, it just opened up Notepad with some stuff on it, and when I searched for aunps2.dll it wasn't there. Here is a new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:42:06 PM, on 9/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SDWin32 Class - {87C4C2C2-330A-4154-9001-968D1E04885F} - C:\WINDOWS\system32\crwtf.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Search - {89F4923E-32BA-758F-7DBB-20E40447D73D} - C:\WINDOWS\Mgmpgrbw.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [ypoyenc] C:\WINDOWS\ypoyenc.EXE
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\Sys98
O4 - HKLM\..\Run: [xhau] C:\WINDOWS\system32\kned\xhau.exe
O4 - HKLM\..\Run: [wjvkudn] C:\WINDOWS\wjvkudn.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tqwrwj.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [sys011518249531] C:\WINDOWS\sys011518249531.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Irmfzv.exe
O4 - HKLM\..\Run: [ronqliv] C:\WINDOWS\ronqliv.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [rdsodll] C:\WINDOWS\rdsodll.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qmgxe] C:\WINDOWS\system32\riykb\qmgxe.exe
O4 - HKLM\..\Run: [ProSiteFinder] "C:\Program Files\ProSiteFinder\ProSiteFinder.exe"
O4 - HKLM\..\Run: [ormgpx] C:\WINDOWS\system32\wndh\ormgpx.exe
O4 - HKLM\..\Run: [ohlkh] C:\WINDOWS\system32\iiuewgu\ohlkh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [mmxp2passion.exe] C:\WINDOWS\system32\mmxp2passion.exe
O4 - HKLM\..\Run: [mhwelt] C:\WINDOWS\system32\fbcwbny\mhwelt.exe
O4 - HKLM\..\Run: [meijsbw] C:\WINDOWS\system32\sprnggus\meijsbw.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [Media Gateway] C:\DOCUME~1\Owner\LOCALS~1\Temp\MediaGateway.exe
O4 - HKLM\..\Run: [lum49qo1] C:\WINDOWS\system32\lum49qo1.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [jfwosup] C:\WINDOWS\system32\apyuyiq\jfwosup.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124381447\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [hgxm] C:\WINDOWS\system32\srekiyjg\hgxm.exe
O4 - HKLM\..\Run: [haojcjj] C:\WINDOWS\system32\jqoofkb\haojcjj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [fmdy] C:\WINDOWS\system32\wumqb\fmdy.exe
O4 - HKLM\..\Run: [elos] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [ctbienc] C:\WINDOWS\ctbienc.EXE
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [bpkomxgb] C:\WINDOWS\system32\ilic\bpkomxgb.exe
O4 - HKLM\..\Run: [AVTray] "C:\Program Files\WinAntiVirus 2006 Pro\AVTray.exe"
O4 - HKLM\..\Run: [argak] C:\WINDOWS\system32\rckd\argak.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\adprot.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [lo9mv7g2] C:\WINDOWS\system32\lo9mv7g2.exe
O4 - HKLM\..\Run: [OSS] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [Sys98] C:\WINDOWS\Sys98.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rvsh] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [fxsrdd] C:\WINDOWS\system32\fxsrdd.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [AssignmentBerlinSetup.exe] C:\DOCUME~1\Owner\MYDOCU~1\Games\ASSIGN~1.EXE /r
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O4 - Startup: Registration Brothers In Arms.LNK = L:\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

·
Registered
Joined
·
1,462 Posts
Hi NeedHelp123,

You need to follow all my instructions and do nothing else to your computer, please. If you are surfing the web, please don't. Do not download anything new to your computer unless I ask, please. Your HijackThis log had nearly doubled in infections. Also, please do not disable anything via msconfig, because that's not fixing the problem, but hiding the problem.
So please follow my instructions very carefully and do not do anything on your own. We will soon get your badly infected computer back up and running again.

Thanks,

Skate_Punk_21

Please await my next set of instructions.
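
One way to compare the autorun (O4) sections of two HijackThis scans, which the reply above does by eye when it notes the log growing between scans. This is an added example, not part of the original posts or of HijackThis; the function names are hypothetical, and the sample lines are short excerpts of the 9/27 and 9/28 logs posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name target")

# O4 lines come in two shapes:
#   O4 - HKLM\..\Run: [value name] command line
#   O4 - Global Startup: shortcut.lnk = target
_RUN = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>.*?)\] (?P<target>.*)$")
_LNK = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>.+?\.lnk) = (?P<target>.*)$", re.I)

# Excerpt of the 9/27 scan (subset of its O4 lines).
SCAN_0927 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ypoyenc] C:\WINDOWS\ypoyenc.EXE
O4 - HKLM\..\Run: [wjvkudn] C:\WINDOWS\wjvkudn.EXE
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [OSS] c:\windows\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Sys98] C:\WINDOWS\Sys98.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
"""

# Excerpt of the 9/28 scan (subset of its O4 lines).
SCAN_0928 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [OSS] C:\windows\rlvknlg.exe -boot
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
"""


def _norm(text):
    """Lower-case and collapse doubled backslashes so cosmetic differences
    (C:\\windows vs c:\\windows, \\\\etb vs \\etb) do not count as changes."""
    return re.sub(r"\\+", r"\\", text.strip().lower())


def parse_o4(log_text):
    """Return {(location, name): Entry} for every O4 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        match = _RUN.match(line) or _LNK.match(line)
        if match:
            entry = Entry(match["loc"], match["name"], match["target"])
            entries[(_norm(entry.location), _norm(entry.name))] = entry
    return entries


def diff_autoruns(old_log, new_log):
    """Classify each autorun as added, removed, retargeted or unchanged."""
    old, new = parse_o4(old_log), parse_o4(new_log)
    report = {"added": [], "removed": [], "retargeted": [], "unchanged": []}
    for key in sorted(old.keys() | new.keys()):
        if key not in old:
            report["added"].append(new[key].name)
        elif key not in new:
            report["removed"].append(old[key].name)
        elif _norm(old[key].target) != _norm(new[key].target):
            report["retargeted"].append(new[key].name)
        else:
            report["unchanged"].append(new[key].name)
    return report


def shared_targets(log_text):
    """Group value names by command line; one binary registered under several
    names means removing a single Run value leaves the others in place."""
    groups = {}
    for entry in parse_o4(log_text).values():
        groups.setdefault(_norm(entry.target), []).append(entry.name)
    return {t: sorted(n) for t, n in groups.items() if len(n) > 1}


if __name__ == "__main__":
    for kind, names in diff_autoruns(SCAN_0927, SCAN_0928).items():
        print(f"{kind:11} {names}")
    print("shared:", shared_targets(SCAN_0927))
```

An entry under "added" after a cleanup pass is the one to look at first: it was either reinstalled by something still running or restored from a disabled state.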
 

·
Registered
Joined
·
1,462 Posts
So you know, my intention is to let the scanners remove whatever they can so there is as little as possible to do by hand!

Download MWaveScan
  • Double-click mwav.exe and unzip it to its default Directory @ C:\Kaspersky
  • Locate "kavupd.exe" in the New Folder and Double Click to Update.
  • If it says the signatures are more than 30 days old, keep trying!
  • Keep trying until you get the actual signatures! (it will say "downloading yadda yadda yadda")
  • When you see "Updates downloaded Successfully, please press any key to continue" go ahead, but do not run anything else in this folder...


Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


Now go to the Kaspersky folder-> Locate and Double Click "mwavscan.com" to launch the MWAV Scanner!

Once opened-> Leave the Default Settings "ticked" and add a "tick" to "Drives"-> this will light up "All Drives"-> Add a "tick" to "Scan all Files"-> Click "Scan Clean" to begin!
This Scan may take Several Hours or more to Complete, Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

1. Once the Scan has finished, All entries Identified as Infected will be displayed in the lower pane! - Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!
2. Open a Blank Notepad Page and Paste the results (Ctrl+V) to it and Save it to your Desktop!

POST THIS LOG IN YOUR NEXT REPLY

ALSO Run Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

POST THIS LOG AS WELL!
and last but not least... a fresh HijackThis Log...

Reboot back to normal mode. and post the requested logs please.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #16
Ya, sorry, but I got 4 brothers and one computer, so I can't really stop them from going on websites or downloading. I will be back with the results when I get them.
 

·
Registered
Joined
·
14 Posts
Discussion Starter #17
Here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 12:30:25 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Search - {89F4923E-32BA-758F-7DBB-20E40447D73D} - C:\WINDOWS\Mgmpgrbw.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\Sys98
O4 - HKLM\..\Run: [xhau] C:\WINDOWS\system32\kned\xhau.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tqwrwj.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [sys011518249531] C:\WINDOWS\sys011518249531.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Irmfzv.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qmgxe] C:\WINDOWS\system32\riykb\qmgxe.exe
O4 - HKLM\..\Run: [ormgpx] C:\WINDOWS\system32\wndh\ormgpx.exe
O4 - HKLM\..\Run: [ohlkh] C:\WINDOWS\system32\iiuewgu\ohlkh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [mhwelt] C:\WINDOWS\system32\fbcwbny\mhwelt.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [lum49qo1] C:\WINDOWS\system32\lum49qo1.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [jfwosup] C:\WINDOWS\system32\apyuyiq\jfwosup.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [hgxm] C:\WINDOWS\system32\srekiyjg\hgxm.exe
O4 - HKLM\..\Run: [haojcjj] C:\WINDOWS\system32\jqoofkb\haojcjj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [fmdy] C:\WINDOWS\system32\wumqb\fmdy.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [bpkomxgb] C:\WINDOWS\system32\ilic\bpkomxgb.exe
O4 - HKLM\..\Run: [AVTray] "C:\Program Files\WinAntiVirus 2006 Pro\AVTray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\adprot.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [OSS] C:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rvsh] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe
O4 - HKCU\..\Run: [AssignmentBerlinSetup.exe] C:\DOCUME~1\Owner\MYDOCU~1\Games\ASSIGN~1.EXE /r
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O4 - Startup: Registration Brothers In Arms.LNK = L:\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:29:38 PM, 9/28/2005
+ Report-Checksum: C3317E20

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-2734301440-3897766715-2027597333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
C:\backup.zip/dwvoice.dll -> Spyware.Look2Me : Cleaned with backup
C:\backup.zip/kadusl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mn0yiysz.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\6jdcmlkk.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\8s8lb7fe.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\lo9mv7g2.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\vl80isfm.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\WinDmy.dll -> Spyware.Getmirar : Cleaned with backup
C:\WINDOWS\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup


::Report End

File C:\WINDOWS\system32\WinNB57.dll tagged as not-a-virus:AdWare.Mirar.b. No Action Taken.
File C:\WINDOWS\Sys98.exe infected by "Trojan.Win32.VB.tg" Virus. Action Taken: File Deleted.
File C:\WINDOWS\6jdcmlkk.exe tagged as not-a-virus:AdWare.Sahat.ah. No Action Taken.
File C:\WINDOWS\ssk3b5doublemedia.exe infected by "Trojan-Dropper.Win32.Small.qn" Virus. Action Taken: File Deleted.
File C:\WINDOWS\YourMonitor.exe infected by "Trojan.Win32.VB.tg" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\6jdcmlkk.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\8s8lb7fe.exe tagged as not-a-virus:AdWare.Sahat.f. No Action Taken.
File C:\WINDOWS\system32\cpkh0e23.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\ilonkrvr.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\lo9mv7g2.exe tagged as not-a-virus:AdWare.Sahat.ai. No Action Taken.
File C:\WINDOWS\system32\mskplb.dll tagged as not-a-virus:AdWare.Ipend. No Action Taken.
File C:\WINDOWS\system32\vl80isfm.dll tagged as not-a-virus:AdWare.Sahat.ad. No Action Taken.
File C:\WINDOWS\system32\WinDmy.dll tagged as not-a-virus:AdWare.Mirar.a. No Action Taken.
File C:\WINDOWS\system32\WinNB57.dll tagged as not-a-virus:AdWare.Mirar.b. No Action Taken.
File C:\!Submit\mc-58-12-0000106.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\backup.zip tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\102_marketingsector_4_0_3_7.exectlztnmw infected by "Trojan-Downloader.Win32.TSUpdate.j" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\webrebates.exesznttrbz tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllacyiddsu infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllanbnghrw infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllaoycvxvh infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllbcbdhhay infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllbcnpsswn infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllbzbkpoqk infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllcgcxhbll infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllcmotcrva infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllcwcsywzu infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllczffbago infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlldfhhtgtp infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlldisuwkar infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlldkrfwsas infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllejhblzec infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlleqhwdmsl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllfntxpxxb infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllfuhpcgcy infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllgnhemvbm infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllgwxmjhre infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllhdsgcbgv infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllhemoysrq infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllhexzbcnf infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllhiybbwqs infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlliibwnagw infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlliimiqlcl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllimnjpffz infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllirzaopzr infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlljbnehsaa infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlljfyjkwzc infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlljvzcfjkm infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllklalccuc infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllkloarzzn infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlllasbdkee infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlllfetjuye infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlllqbmgwho infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlllwsalqtq infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllmtsquqca infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllmwedxvbu infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllnatlmdqb infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllngfzhuhq infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllngqksevx infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllnjimjygl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllnyfephmh infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllokfsgvke infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllonfuypvr infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllpeavwfwb infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllpkjvsaai infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllpouavezk infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllprynyige infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllqfzkzbpo infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllqzvxfkyy infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllrblmumue infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllrbwxxxil infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllrfozwqtz infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllscphgyci infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllsdmlhnwd infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllsebbjvjc infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllsflglnxs infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllsjlhlhif infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllsoieitax infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllswafepmn infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllswmqpaic infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllszyoappk infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllteqqyknv infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlltiqjxeyi infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlltlbwaixl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlltnapapxl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlltyduduwg infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dlluifymtcb infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllvcdnburz infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllvkgxzula infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllvquztdun infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllvtqyhkwx infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllvxrzzezs infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllwgsvqlfg infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllwqjoqsgg infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllxhhkfakz infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllyhwqcpok infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllylwsujyx infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllyowlucjl infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllzbexlvlt infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllzbtrmlnb infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllzhaloceo infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllzllyrycq infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\xud_69.dllzwwglxxt infected by "Trojan-Downloader.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-23d1fdfe.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Owner\My Documents\My Music\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.614. No Action Taken.
File C:\Program Files\asys\VFX60_nok.exe infected by "Trojan-Dropper.Win32.Agent.tb" Virus. Action Taken: File Deleted.
File C:\Program Files\Common Files\InetGet\mc-58-12-0000106.exe tagged as not-a-virus:AdWare.Maxifiles.h. No Action Taken.
File C:\Program Files\Common Files\services.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\Program Files\Common Files\Windows\mc-58-12-0000106.exe tagged as not-a-virus:AdWare.Maxifiles.h. No Action Taken.
File C:\Program Files\Common Files\Windows\services32.exe tagged as not-a-virus:AdWare.Maxifiles.h. No Action Taken.
File C:\Program Files\Ftk\Ftkcpy_inst.exe infected by "Trojan.Win32.Starter.g" Virus. Action Taken: File Deleted.
File C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe tagged as not-a-virus:AdWare.WinAD. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\43437F33 infected by "Trojan-Downloader.Win32.Small.kl" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\45D86F3D infected by "Trojan-Downloader.Win32.Small.kl" Virus. Action Taken: File Deleted.
File C:\Program Files\ProSiteFinder\ProSiteFinder.dll tagged as not-a-virus:AdWare.ClearSearch.y. No Action Taken.
File C:\Program Files\snss\snss.exe tagged as not-a-virus:AdWare.SideSearch.i. No Action Taken.
File C:\Program Files\tvs\BPCv2.Plugins.dll tagged as not-a-virus:AdWare.Broadcap.d. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP2\A0000143.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0000188.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0000206.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0000226.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0000245.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0000273.exe tagged as not-a-virus:AdWare.Maxifiles.j. No Action Taken.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0001318.exe infected by "Trojan.Win32.VB.tg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0001319.exe infected by "Trojan-Dropper.Win32.Small.qn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0001320.exe infected by "Trojan.Win32.VB.tg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0001321.exe infected by "Trojan-Dropper.Win32.Agent.tb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP3\A0001322.exe infected by "Trojan.Win32.Starter.g" Virus. Action Taken: File Deleted.
File C:\WINDOWS\6jdcmlkk.exe tagged as not-a-virus:AdWare.Sahat.ah. No Action Taken.
File C:\WINDOWS\system32\6jdcmlkk.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\8s8lb7fe.exe tagged as not-a-virus:AdWare.Sahat.f. No Action Taken.
File C:\WINDOWS\system32\cpkh0e23.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\ilonkrvr.ini tagged as not-a-virus:AdWare.Sahat.ao. No Action Taken.
File C:\WINDOWS\system32\lo9mv7g2.exe tagged as not-a-virus:AdWare.Sahat.ai. No Action Taken.
File C:\WINDOWS\system32\mskplb.dll tagged as not-a-virus:AdWare.Ipend. No Action Taken.
File C:\WINDOWS\system32\vbfcsirl\lgcikyrk.dll infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\vl80isfm.dll tagged as not-a-virus:AdWare.Sahat.ad. No Action Taken.
File C:\WINDOWS\system32\WinDmy.dll tagged as not-a-virus:AdWare.Mirar.a. No Action Taken.
File C:\WINDOWS\system32\WinNB57.dll tagged as not-a-virus:AdWare.Mirar.b. No Action Taken.
File C:\WINDOWS\Temp\180sainstallersca.exe tagged as not-a-virus:AdWare.180Solutions.k. No Action Taken.
File C:\WINDOWS\Temp\install.exe tagged as not-a-virus:AdWare.Adstart.c. No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0YP8ILB4\director_install[1].exe tagged as not-a-virus:AdWare.Maxifiles.h. No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CSAADWMB\director_install[1].exe tagged as not-a-virus:AdWare.Maxifiles.h. No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CSAADWMB\install[1].exe tagged as not-a-virus:AdWare.Adstart.c. No Action Taken.
 

·
Registered
Joined
·
1,462 Posts
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://www.geekstogo.com/modules.php?modid=5&action=download&id=49 and install it. DO NOT RUN IT YET.

Download Killbox
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Select each of the following files below with your mouse, then right click and select Copy. Check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Now in Killbox go to File, then select Paste from Clipboard. Now hit the X button (choose YES when it asks if you want to reboot). Click Yes at the 'Pending Operations' prompt if you see it:
C:\program files\common files\Windows\services32.exe
C:\WINDOWS\system32\kned\xhau.exe
C:\WINDOWS\system32\Tqwrwj.exe
C:\WINDOWS\system32\testit.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\WINDOWS\\etb\pokapoka68.exe
C:\WINDOWS\sys025182495311.exe
C:\WINDOWS\sys011518249531.exe
C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll
C:\WINDOWS\system32\stb.exe
C:\Program Files\snss\snss.exe
C:\WINDOWS\system32\Irmfzv.exe
C:\WINDOWS\system32\richup.exe
C:\WINDOWS\system32\riykb\qmgxe.exe
C:\WINDOWS\system32\wndh\ormgpx.exe
C:\WINDOWS\system32\iiuewgu\ohlkh.exe
C:\WINDOWS\ms048249531151.exe
C:\WINDOWS\system32\fbcwbny\mhwelt.exe
C:\WINDOWS\system32\mediapluscash.exe
C:\WINDOWS\system32\lum49qo1.exe
C:\WINDOWS\system32\apyuyiq\jfwosup.exe
C:\WINDOWS\system32\srekiyjg\hgxm.exe
C:\WINDOWS\system32\jqoofkb\haojcjj.exe
C:\WINDOWS\ctbidll.EXE
C:\WINDOWS\system32\cashfortool.exee
C:\WINDOWS\system32\ilic\bpkomxgb.exe
C:\WINDOWS\system32\adprot.exe
C:\WINDOWS\exe82.exe
C:\WINDOWS\system32\jgjua\pjwn.exe
C:\windows\rlvknlg.exe -boot
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\TEMP\cornseedB.exe
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\6jdcmlkk.exe
C:\WINDOWS\system32\6jdcmlkk.ini
C:\WINDOWS\system32\8s8lb7fe.exe
C:\WINDOWS\system32\cpkh0e23.ini
C:\WINDOWS\system32\ilonkrvr.ini
C:\WINDOWS\system32\lo9mv7g2.exe
C:\WINDOWS\system32\mskplb.dll
C:\WINDOWS\system32\vl80isfm.dll
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32\WinNB57.dll
C:\!Submit\mc-58-12-0000106.exe
C:\backup.zip
C:\Documents and Settings\All Users\Application Data\WinSoftware\WinAntiVirus 2006 Pro\Quarantine\
C:\program files\common files\InetGet\mc-58-12-0000106.exe
C:\program files\common files\services.exe
C:\program files\common files\Windows\mc-58-12-0000106.exe
C:\program files\ProSiteFinder\ProSiteFinder.dll
C:\program files\snss\snss.exe
C:\program files\tvs\BPCv2.Plugins.dll
C:\WINDOWS\6jdcmlkk.exetagged
C:\WINDOWS\system32\6jdcmlkk.ini
C:\WINDOWS\system32\8s8lb7fe.exe
C:\WINDOWS\system32\cpkh0e23.ini
C:\WINDOWS\system32\ilonkrvr.ini
C:\WINDOWS\system32\lo9mv7g2.exe
C:\WINDOWS\system32\mskplb.dll
C:\WINDOWS\system32\vl80isfm.dll
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\Temp\180sainstallersca.exe
C:\WINDOWS\system32\w?wexec.exe
C:\WINDOWS\Temp\install.exe
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.



Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O1 - Hosts: 216.39.69.102 view.atdmt.com
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\Sys98
O4 - HKLM\..\Run: [xhau] C:\WINDOWS\system32\kned\xhau.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Tqwrwj.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [sys025182495311] C:\WINDOWS\sys025182495311.exe
O4 - HKLM\..\Run: [sys011518249531] C:\WINDOWS\sys011518249531.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Irmfzv.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [qmgxe] C:\WINDOWS\system32\riykb\qmgxe.exe
O4 - HKLM\..\Run: [ormgpx] C:\WINDOWS\system32\wndh\ormgpx.exe
O4 - HKLM\..\Run: [ohlkh] C:\WINDOWS\system32\iiuewgu\ohlkh.exe
O4 - HKLM\..\Run: [ms048249531151] C:\WINDOWS\ms048249531151.exe
O4 - HKLM\..\Run: [mhwelt] C:\WINDOWS\system32\fbcwbny\mhwelt.exe
O4 - HKLM\..\Run: [mediapluscash.exe] C:\WINDOWS\system32\mediapluscash.exe
O4 - HKLM\..\Run: [lum49qo1] C:\WINDOWS\system32\lum49qo1.exe
O4 - HKLM\..\Run: [jfwosup] C:\WINDOWS\system32\apyuyiq\jfwosup.exe
O4 - HKLM\..\Run: [hgxm] C:\WINDOWS\system32\srekiyjg\hgxm.exe
O4 - HKLM\..\Run: [haojcjj] C:\WINDOWS\system32\jqoofkb\haojcjj.exe
O4 - HKLM\..\Run: [fmdy] C:\WINDOWS\system32\wumqb\fmdy.exe
O4 - HKLM\..\Run: [ctbidll] C:\WINDOWS\ctbidll.EXE
O4 - HKLM\..\Run: [cashfortool.exee] C:\WINDOWS\system32\cashfortool.exee
O4 - HKLM\..\Run: [bpkomxgb] C:\WINDOWS\system32\ilic\bpkomxgb.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\system32\adprot.exe
O4 - HKLM\..\Run: [51=L] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [pjwn] C:\WINDOWS\system32\jgjua\pjwn.exe
O4 - HKLM\..\Run: [OSS] C:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SysCheck32] C:\WINDOWS\SysCheckBop32.exe
O4 - HKCU\..\Run: [Rvsh] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [cornseedB.exe] C:\WINDOWS\TEMP\cornseedB.exe

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following folders Listed in Blue
C:\WINDOWS\system32\kned\
C:\WINDOWS\etb\
C:\Program Files\snss\
C:\WINDOWS\system32\iiuewgu\
C:\WINDOWS\system32\fbcwbny\
C:\WINDOWS\system32\apyuyiq\
C:\WINDOWS\system32\srekiyjg\
C:\WINDOWS\system32\jqoofkb\
C:\WINDOWS\system32\ilic\
C:\WINDOWS\system32\jgjua\
C:\!Submit\
C:\program files\common files\InetGet\
C:\program files\common files\Windows\
C:\program files\Logitech\Resource Center\installers\wildtangent\
C:\WINDOWS\Sys98\

If you can't find some of them, open a command prompt via "start" | "Run" and type cmd then hit enter.
In the command prompt that follows type (as an example)
rd /q /s C:\WINDOWS\etb
then hit enter.

Run CleanUp! Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

reboot back to normal mode

WHEN COMPLETE POST A NEW HJT LOG
 

·
Registered
Joined
·
14 Posts
Discussion Starter #19
here ya go

Logfile of HijackThis v1.99.1
Scan saved at 7:03:00 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
C:\Program Files\OpenOffice.org 1.9.79\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.79\program\soffice.BIN
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\o5ko38hp.slt\prefs.js)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Search - {89F4923E-32BA-758F-7DBB-20E40447D73D} - C:\WINDOWS\Mgmpgrbw.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ll4ldk.exe reg_run
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [AVTray] "C:\Program Files\WinAntiVirus 2006 Pro\AVTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AssignmentBerlinSetup.exe] C:\DOCUME~1\Owner\MYDOCU~1\Games\ASSIGN~1.EXE /r
O4 - Startup: OpenOffice.org 1.9.79.lnk = C:\Program Files\OpenOffice.org 1.9.79\program\quickstart.exe
O4 - Startup: Registration Brothers In Arms.LNK = L:\Support\Register\RegistrationReminder.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125888296531
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: bw+0 - {0F2DAD94-1DD2-40BF-99E2-DCA39DDA8256} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVKernel - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus 2006 Pro\AVKernel.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
 

·
Registered
Joined
·
1,462 Posts
OH MY LORD YES!!!!!!!! IT'S ALMOST CLEAN!!!!!!!
1 last step...

Stop NT Service

Part 1

  • Click Start>Run, type services.msc into the Open editbox and click the Ok button.
  • Locate the " pjwnjgjua " service and double-click on it to open the Properties dialog.
  • Click the Stop button.
  • In the Startup type dropdown select Disabled.
  • Click the Apply button and then the Ok button.
  • Close the Services window
Part 2
    • Double click on HijackThis.exe to run it.
    • Go to Config || Misc Tools
    • click the button labelled "Delete An NT Service..."
    • In the dialogue that appears, enter
      pjwnjgjua
    • When you have entered the service Click "OK" and then Give the OK to any prompts that follow
    • Reboot
    That is minor, I DON'T need a fresh log after that unless you are still having problems...

    now before the brothers get too far into destroying it...

    Congratulations Your Log is Clean!!

    If you are still having trouble, please don't continue with these instructions just yet. LET ME KNOW!

    Otherwise, we have a few clean up items to deal with.

    1. System Restore
    Now that we know your system is clean, we want to purge any potentially infected restore points. To do that, complete the following:

    Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

    To re-enable this function - simply uncheck this same box, and click "apply" and "ok"


    2. Reset Hidden Files & Folders
    Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is UNchecked. Also make sure that the System Files and Folders are invisible. CHECK the Hide protected operating system files option.


    Also Consider...
    • SpywareBlaster to help prevent spyware from installing in the first place.
    • SpywareGuard to catch and block spyware before it can execute.
    • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

    You should also have a good firewall. Here are 3 free ones available for personal use:

    How is she running now? Any further problems? If not, Good work, and Happy Computing!

    Please reply once more so we know you have read these measures.
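
The check done by eye on the follow-up log (spotting the `pjwnjgjua` service whose file is gone) can be scripted. This is an added example, not part of the thread or of HijackThis: it rejoins the hard-wrapped entries, then reports registrations that point at a missing file or into a folder the cleanup deleted. The function names and `REMOVED_DIRS` are assumptions made for the illustration.

```python
import re

# A HijackThis entry starts with a section code such as "O4 - " or "R3 - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)
MISSING = "(file missing)"

# Lines excerpted from the follow-up log in this thread, wrapping preserved.
SAMPLE_LOG = r"""
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Search - {89F4923E-32BA-758F-7DBB-20E40447D73D} -

C:\WINDOWS\Mgmpgrbw.dll (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company -

C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: pjwnjgjua - Unknown owner - C:\WINDOWS\system32\jgjua\pjwn.exe (file

missing)
"""

# Two of the folders the cleanup steps deleted (hypothetical variable name).
REMOVED_DIRS = [r"C:\WINDOWS\system32\jgjua", r"C:\WINDOWS\etb"]


def unwrap(log_text):
    """Rejoin entries that were hard-wrapped when the log was pasted.

    Assumption: the wrap fell on a space, so pieces are rejoined with one
    space. A token broken mid-word (a long URL) still needs manual repair.
    """
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry
            entries[-1] += " " + line
    return entries


def service_name(body):
    """Short service name from an O23 body.

    HijackThis prints "Display name (ShortName) - owner - path", or only the
    name when display name and short name are identical.
    """
    label = body[len("Service: "):].split(" - ", 1)[0]
    m = re.search(r"\(([^()]+)\)$", label)
    return m.group(1) if m else label


def triage(log_text, removed_dirs):
    """Return (code, reason, detail) for leftovers of an earlier cleanup."""
    removed = [d.rstrip("\\").lower() + "\\" for d in removed_dirs]
    findings = []
    for entry in unwrap(log_text):
        m = ENTRY.match(entry)
        code, body = m.group("code"), m.group("body")
        hit = PATH.search(body)  # best-effort: first drive-letter path
        path = hit.group(0) if hit else None
        in_removed = path and any(path.lower().startswith(d) for d in removed)
        if not (body.endswith(MISSING) or in_removed):
            continue
        if code == "O23":
            # The short name is what "Delete An NT Service..." asks for.
            findings.append((code, "orphaned service", service_name(body)))
        else:
            findings.append((code, "orphaned entry", path or body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, REMOVED_DIRS):
        print(finding)
```

Without the unwrap step the `(file` / `missing)` split in the pasted log hides the orphaned service from a plain line-by-line search.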
 