Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

spyaxe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

spyaxe

Unread postby DAN SKINNER » December 5th, 2005, 6:50 am

Hi there, please can you advise me how to get rid of spyaxe? I'm a computer novice in terms of removing such rubbish. I'm dependent on my laptop. I tried noah's site and downloaded his spyaxe removal tool, but my AVG antivirus thought it was a virus and I had to stop. Please help
Dan
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am
Advertisement
Register to Remove

Unread postby AndyAtHull » December 5th, 2005, 8:16 am

Hi DAN SKINNER,

Before we can help you we need a HJT log. Look in here on how to do so:

http://www.malwareremoval.com/forum/viewtopic.php?t=12

Post back with a fresh HJT log and tell me any problems you are having. And what scans you have ran. And I will be happy to help.

Kind Regards, AndyAtHull
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby AndyAtHull » December 5th, 2005, 8:41 am

Dan. I appriciate you sending me a log. However please post your log in this thread and not in PM. Thank you. :)
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

dan skinner log posted again, right place I hope

Unread postby DAN SKINNER » December 5th, 2005, 8:49 am

Logfile of HijackThis v1.99.1
Scan saved at 12:26:59, on 05/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16a25250028 ... xIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2476075562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8FB66C7-8E05-48A0-BB29-A6387519CB5D}: NameServer = 62.6.40.178 194.72.9.38
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 5th, 2005, 12:19 pm

Thank you Dan for the log :D Before I research your log and wait for my teachers to reply back to me I have one question.

Did you fix SpyAxe and then AVG picked it up as an infection?. Or did you stop half way through the spyware fix?
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

spyaxe

Unread postby DAN SKINNER » December 5th, 2005, 8:28 pm

AVG did not at any point appear to recognise that spyaxe was a problem, and still doesnt. I have undeleted spyaxe a couple of times myself, but it keeps reappearing, and a dialup window which will connect me to spyaxe is now automatically appearing on startup. Each time I close it, without dialing. The popup from the taskbar I just have to keep hidden as a away of being able to work on the computer at all. Computer is getting really slow on startup now.
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 6th, 2005, 8:42 am

Hi Dan pleae follow the fix bellow.

----------

Place a shortcut to Panda ActiveScan on your desktop.

----------

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

----------

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

----------
Reveal Hidden Files

  1. Click Start.
  2. Open My Computer.
  3. SelectTools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and foldersin the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.

----------

I would strongly recommend removing PartyPoker. By doing to go to Add/Remove and look for this name and remove:

PartyPoker

Also uninstall this

MyWay

----------

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

----------

Next, please reboot your computer in SafeMode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

----------

Before we can proceed we need to diasble AVG. As is interfers with the following fixes:

1. Double-click on the AVG Tray Icon on the bottom right.
2. Double-click on "AVG Resident Shield"
3. And uncheck "Turn on AVG Resident Shield Protection" then click OK. Remember to turn it back on after the fix.

----------

Now scan with HJT and place a checkmark next to each of the following items and making sure no other windows are open apart from HJT and click FIX CHECKED:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16a25250028 ... xIE601.cab


Close HiJackThis.

----------

Some folders may not have gone even after the HJT fix we carried out. So please look for these folders and delete them:

Navigate to these folders in RED. Use Find (F3) or Start>Search>Delete these folders, if present:

Folder....

C:\Program Files\PartyPoker
C:\Program Files\MyWay

If you have any problems deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, click End Process, then retry delete.
(Note the name and location of any file you cannot delete.)

----------

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

----------

Open Ad-aware and do a full scan. Remove all it finds.

----------

Run Ewido:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

----------

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

----------

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

all logs. Spyaxe bubble gone, computer v. slow, any advice?

Unread postby DAN SKINNER » December 7th, 2005, 6:03 am

Logfile of HijackThis v1.99.1
Scan saved at 09:40:51, on 07/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2476075562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

activescan txt
Incident Status Location

Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\Mail\mail.btinternet.com\Inbox[~0003083.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\Mail\mail.btinternet.com\Trash[~0000581.~]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5ad1bcbe-1758d4cc.zip[InstallerApplet.class]
Possible Virus. Not desinfected C:\Program Files\XAudioTools\Advanced MP3 WMA Recorder\ADRScheduler.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:00:29, 07/12/2005
+ Report-Checksum: 13FA465D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1190304192-1588050278-3560213915-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
[500] C:\WINDOWS\system32\ld896.tmp -> Downloader.Zlob.az : Error during cleaning
:mozilla.9:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.10:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.23:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.43:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.45:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.46:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.47:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.76:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.81:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.82:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.83:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.84:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.85:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.86:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.87:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.88:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.89:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.90:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.91:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.101:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.102:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.104:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.105:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.106:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.111:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.112:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.113:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.116:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.117:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.121:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.123:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.128:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.131:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.132:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.137:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.154:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.157:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.184:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.185:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.186:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.189:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.209:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.210:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.211:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.212:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.213:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.214:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.215:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.218:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.225:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.226:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.227:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.249:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.251:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.252:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.253:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.254:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.256:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.257:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.264:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.265:C:\Documents and Settings\All Users\ Application Data\Mozilla\Profiles\default\3ydi5fko.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Dan\Application Data\Netscape\NSAE\Profiles\vsxr65y9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Dan\Application Data\Netscape\NSB\Profiles\3uxhb7p5.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Dan\Desktop\Brendan\Civ3-GameoftheYear-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Dan\My Documents\wierd\Virtual Drugs\Puddle.exe -> Trojan.Happyday : Cleaned with backup
C:\Download\Civ3-GameoftheYear(2).exe -> Spyware.Trymedia : Cleaned with backup
C:\Download\Civ3-GameoftheYear.exe -> Spyware.Trymedia : Cleaned with backup
C:\Download\Civ3GoldSetup-dm(1).exe -> Spyware.Trymedia : Cleaned with backup
C:\Download\Civ3GoldSetup-dm.exe -> Spyware.Trymedia : Cleaned with backup
C:\Download\VideoCodec3_05b.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Netscape\Netscape\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\mscornet.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__ld896.tmp -> Downloader.Zlob.az : Cleaned with backup


::Report End



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 06/12/2005
The current time is: 23:03:39.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Free XXX Sites List.url
Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ncompat.tlb
mscornet.exe


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'
Killing PID 1260 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

mscornet.exe


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 7th, 2005, 7:46 am

Thanks DAN ;)

Nearly there.

You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Read this instructions carefully and feel free to ask if you're unsure about something

----------

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 6 .

To check your version to see if it is the latest version, Please go to this link to verify your version to get the updates needed:

You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify Your Java software.

Or you can get the manual download here:

Once you have installed the latest update, please go to Add/Remove Programs and remove all older instances of Java listed there.

----------

Update Ewido:

1 You will need to update ewido to the latest definition files:

* On the left hand side of the main screen click update.
* Then click on Start Update.


2 The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

Do not run ewido yet

----------

Re-run Adware and Spybot. Remembering to reboot between each scan.

Doing this is common. When scanning these applications for the first time it may not pick up everything. Re-running them allows to check again to be on the safe side.

----------

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

1. Open Microsoft AntiSpyware.
2. Click on Tools, Settings.
3. In the left pane, click on Real-time Protection.
4. Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
5. Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
6. After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
7. Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

----------

Reveal Hidden Files

  1. Click Start.
  2. Open My Computer.
  3. SelectTools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and foldersin the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.


----------

Please disconnect from the Internet and unplug your modem for the duration of this fix

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in Safe Mode.

----------

Right click on "Start", select "Explorer", and then use the "Tree" in the left hand panel to navigate to C:\Windows\System32\ to find and delete the file ld896.tmp.

If the file does not delete, right click on it, select "Properties", and then look under the "general" tab to see if the file is "read only." If so, uncheck "read only," click "OK," and then retry deleting the file.

----------

Then browse to the C:\documents and settings\Your User Name (repeat for all other user names in documents and settings)\local settings\temp folder and delete all files and folders in it. Then browse to the C:\Window\Temp folder and delete all files and folders in it. Then in internet explorer click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

----------

Re-Run Ewido:

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

----------
Restart your computer
----------

Now I would like you to run an online scan, from here http://housecall.trendmicro.com/. Click on "Scan now It's free" then "Please Select your Location" and press on go. The "Start Free Scan" and "Complete Scan". Make sure no windows are open apart from the Trend Mirco page and the scanning page during this scan. And to note down any infections, spyware or vunrabillities it brings up and save it in a .txt file from notepad.

----------

Reply back with a fresh HJT log. Ewidoscan log and anything Trend Micro comes up with ;)
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby DAN SKINNER » December 7th, 2005, 6:27 pm

Hi there,
trend micro, after various files deleted, points o
PAR_SE.8268
HKCU\S-1-5-18\SOFTWARE\NEW.NET

ADW-SE.78267
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHARED DLLS\C:\WINDOWS\DOWNLOADED PROGRAM FILES\MEDIAGATEWAYX.DLL

ADW-SE.77299
ADDRESS AS ABOVE

I can delete the second 2, dont know how to find the first

ewidoscan
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:10:39, 07/12/2005
+ Report-Checksum: FB42BEEF

+ Scan result:

:mozilla.6:C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 22:12:54, on 07/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\da3dhkwm.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2476075562
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 7th, 2005, 9:05 pm

Hi Dan,

Please do not delete anything unless instructed to.

----------

Check in Add/Remove for this:

NewDotNet.

Uninstall it if present

----------

Reveal Hidden Files

  1. Click Start.
  2. Open My Computer.
  3. SelectTools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and foldersin the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.

----------

Just to double check:

Navigate to C:\WINDOWS\DOWNLOADED PROGRAM FILES and check to see if this file is in there. Delete it if found

Click on Start>My Computer>( C: )>Windows>Downloaded Program Files.


MEDIAGATEWAYX.DLL


If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, click End Process, then retry delete.
(Note the name and location of any file you cannot delete.)

----------

Now I would like you to run an online scan, from here http://housecall.trendmicro.com/. Click on "Scan now It's free" then "Please Select your Location" and press on go. The "Start Free Scan" and "Complete Scan". Make sure no windows are open apart from the Trend Mirco page and the scanning page during this scan. And to note down any infections, spyware or vunrabillities it brings up and save it in a .txt file from notepad.

----------

Please reply back with:

1. A fresh HJT log
2. Anything Tren Micro finds
3. And please let me know how your computer is running
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby DAN SKINNER » December 8th, 2005, 6:02 am

hi,
havent done this yet but something else is happening. Netscape seizing up, pressed ctrl+alt+del, and 70 task manager windows opened up!
am getting fed up
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 8th, 2005, 3:25 pm

Hi Dan,

Sorry to hear about Netscape. Before we concentrate on anything else. Do the following:

I would like to have a HijackThis Uninstall Manager log. Start HJT. Then go to Open Misc tool section. From in there where you see Generate StartupList log, check both Full and Complete options. And with no other windows open. Click on Generate StartupList log. That will create a log in the Folder HJT is. Post that in your next reply.

------------

Click on Options from the Netscape Navigator menu bar, then Network preferences. Select the Cache tab and click on the Clear disk cache button.

If you cannot do this. Try a clean install; instructions from HERE

After reading that link; the only other option (if the problem still excists)I would recommend is to uninstall Netscape. Please read the next part as to why.

In prior scans, a lot of garbage was found in your Netscape/Mozilla profiles. It's possible that you may end up not only having to uninstall Netscape, but you may also have to get rid of everything left behind in the Netscape and Mozilla folders that are located in the Application Data folder, and the same folders that are located in Program Files as well, if they're not getting cleaned up with the scans. You may be able to salvage your bookmarks. If everything I have suggested fails you may consider switching to Firefox as I believe it's kept more up to date than Netscape. When a vulnerability is discovered, it usually gets patched fast


Click HERE if you would like to know how to transfer your Bookmarks in Netscape to Internet explorer.

Uninstall Netscape for me from Add/Remove;and we will go from there. We can always install it later on if you decide to use Netscape. Make note on any favourates you have bookmarked or browse on the link below.

When you are all clean I will give you instructions on other available browsers out there. For now use Internet Explorer to continue the fix.

----------

Make sure you also delete the Netscape/Mozilla folder in C:\Program Files after uninstalling. And the Netscape/Mozilla folder that is located in the Application Data folder.

C:\Documents and Settings\All Users\Application Data

----------

Update Ewido:

1 You will need to update ewido to the latest definition files:

* On the left hand side of the main screen click update.
* Then click on Start Update.


2 The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

Do not run ewido yet

----------

Navigate to C:\Windows\Prefetch and delete every file in there. But not the Prefetch folder it self

----------

Download Ccleaner from HERE

1. Double click on the file to start the installation of the program.
2. Select your language and click OK, then next.
3. Read the license agreement and click I Agree.
4. Click next to use the default install location. Click Install then finish to complete installation.
5. Double click the CCleaner shortcut on the desktop to start the program.
6. On the "Windows" tab, under "Internet Explorer", uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
7. If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
8. Click on "Options" at the top of the window, then click on the "advanced" button.
9. Deselect "Only delete files in Windows Temp folders older than 48 hours". Click on "OK".
10.Click Run Cleaner to run the program.

Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

After CCleaner has completed its process, click Exit.

----------


Please disconnect from the Internet and unplug your modem for the duration of this fix

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in Safe Mode.

----------

With no other windows open. Please Run Ewido

1. Click on scanner.
2. Click on Complete System Scan, the scan will now begin.
3. While the scan is in progress you will be promted to clean files, click OK.
4. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
5. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
6. Click Save Report.
7. Now save the report .txt file to your desktop.

Please note that you should leave the computer alone when Ewido is scanning untill it is finished

----------
Restart your computer
----------

After reading this, please continue to follow the previous instructions.

1. Check for NewDotNet in Add/Remove
2. Check to see if this file MEDIAGATEWAYX.DLL is still located in Start>My Computer>( C: )>Windows>Downloaded Program Files and delete it if present.
3. Carry out a trend micro scan in Internet Explorer

In your next reply I would like:

Startuplist log
A fresh HJT log - Very important
Ewido log
Anything Trend Micro finds
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby DAN SKINNER » December 9th, 2005, 8:02 am

Hi there,
I think I have 2 versions of netscape. I'll delete the older browser, but all my email addresses and mailboxes I do need to keep, and am very nervous about deleting if I update. I'm not so keen on the new Netscape browser so on second thoughts I'll delete that first. What a palaver
DAN SKINNER
Active Member
 
Posts: 9
Joined: December 5th, 2005, 6:34 am

Unread postby AndyAtHull » December 9th, 2005, 8:32 am

Try deleting the version you want. And follow the above instuctions for me please. :D
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware