Tech Support banner

Status
Not open for further replies.
1 - 20 of 26 Posts

·
Registered
Joined
·
21 Posts
Discussion Starter #1
Hello Guys!!

This is the first time I use HiJackThis, so I hope I did ok.
Looking for some advice from the experts to improve the performance of my PC.
Let me know your advices.




Logfile of HijackThis v1.99.1
Scan saved at 10:08:33 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Run hijackthis and fix the following entry....

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the ”Free Online Virus Scan” in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.
Once it has finished save the activescan log. Then post that log in your next post.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    [*] Click on see report. Then click Save report
 

·
Registered
Joined
·
21 Posts
Discussion Starter #5
OK, here it is. I also added the description:



Incident Status Location

Adware:adware/surfaccuracy No disinfected Windows Registry

Brief Description

SurfAccuracy is adware.
Adware is a license form for using programs, which offers the application at the only cost of viewing a series of advertisements. However, these programs sometimes collect data on Internet usage habits, pages viewed, inventory of the applications installed in the computer, etc.
Then, this information can be sent to Internet advertising companies.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Lets see if another scanner will clean that entry....

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #7
I think I did it twice, but here it is anyway:

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning


Let me know what you think.
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
That log is clean. Run another Panda scan and see if it picks it up again. If it does...you'll need to use regedit and remove any keys that contain surfaccuracy in them. Let me know of any problems.

Also post a new hijackthis log.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #9
Still there. Let me know how to remove it using the reg edit. Do you want the HiJachThis log now or after I use regedit?





Incident Status Location

Adware:adware/surfaccuracy No disinfected Windows Registry
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Click start...run...type in regedit. Once that opens...click edit..find..and do a search for any keys that contain surfaccuracy and delete them. Follow these directions and back up your registry before attempting... http://support.microsoft.com/kb/322756
 

·
Registered
Joined
·
21 Posts
Discussion Starter #11
I do the RegEdit Search but it does not ring any values at all. It just start serching and then ends but no positive or negative results.
Am I doing something wrong?
 

·
Registered
Joined
·
6,574 Posts
No. It just confirms that it is a redundant, non harmful, registry entry. If it's really buggin you, you can use RegSearch I suppose, but it's causing no harm to your system.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #13
Here is the other HiJachThis log.
Let me know your expert opinion.


Logfile of HijackThis v1.99.1
Scan saved at 9:42:02 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ngsh35.clsIS - {392BAF48-A26A-45B5-9263-97128E429268} - C:\WINDOWS\system32\ngsh35.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Since you picked up a new entry..lets go with a general fix....

Please DISABLE spybot's teatimer and LEAVE IT OFF until the fix is complete!


Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O2 - BHO: ngsh35.clsIS - {392BAF48-A26A-45B5-9263-97128E429268} - C:\WINDOWS\system32\ngsh35.dll (file missing)

C:\WINDOWS\system32\ngsh35.dll <--delete that file

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
  • Once finished, click the [Save report] button
  • Save the report to your desktop
Close Ewido

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal windows....

Post the Ewido log and a new hijackthis log. Let me know of any problems.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #15
Well, here they are.
I think I did everything as you specified except for the CleanUp program. I forgot to install it before I had two use it. Let me know if it is ok anyway.




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:15:20 PM, 11/5/2005
+ Report-Checksum: A72BFE7D

+ Scan result:

C:\contextplus.exe -> Trojan.Crypt.t : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.790:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.814:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVKTQZSL\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVKTQZSL\mte3ndm6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EPMDM5C1\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup
C:\drsmartload.exe -> Spyware.SmartLoad : Cleaned with backup
C:\mte3ndm6odoxng.exe -> TrojanDownloader.Small.buy : Cleaned with backup



Logfile of HijackThis v1.99.1
Scan saved at 12:54:15 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ngsh35.clsIS - {392BAF48-A26A-45B5-9263-97128E429268} - C:\WINDOWS\system32\ngsh35.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
No it's not OK. Most malware hides in the TEMP folder and reinstalls from there..so you can remove it 100 times..and unless you take out it's core install files..it reinstalls.

Now..Download and install Cleanup. Run it with the previous instructions I layed out and reboot back into safe mode.

Close down McAfee or any other programs running.

Run hijackthis and fix these entrys..

O2 - BHO: ngsh35.clsIS - {392BAF48-A26A-45B5-9263-97128E429268} - C:\WINDOWS\system32\ngsh35.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)


Run Ewido again and save the log...

Reboot back to normal windows...

Please post the Ewido log and a new HJT log.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #17
What I ment is that I did not pre instal cleanUp before using it. I download it but didn't install it untill the time to use it, that was in safe mode.
Do I need to run it again?
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Ahhh I See....

Yes..please run it again at the beginning of my last fix..then continue with the fix and post the logs.
 

·
Registered
Joined
·
21 Posts
Discussion Starter #19
Well, lets se how I did this time. Let me know what you whats next.


Logfile of HijackThis v1.99.1
Scan saved at 11:51:24 AM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04

\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common

Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence

Manager ESD.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1

\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1

\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1

\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol

120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp

Utilities 2004\WinStylerThemeSvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:15:20 PM, 11/5/2005
+ Report-Checksum: A72BFE7D

+ Scan result:

C:\contextplus.exe -> Trojan.Crypt.t : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.571:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.790:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.806:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.807:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.808:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.809:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.810:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.813:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.814:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.820:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.826:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.828:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.830:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\qrtvjp63.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVKTQZSL\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVKTQZSL\mte3ndm6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EPMDM5C1\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup
C:\drsmartload.exe -> Spyware.SmartLoad : Cleaned with backup
C:\mte3ndm6odoxng.exe -> TrojanDownloader.Small.buy : Cleaned with backup


::Report End
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Report any problems your having. How are things running?
 
1 - 20 of 26 Posts
Status
Not open for further replies.
Top