Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

my Hyjack this log Pls Help

Post by steve67474 » December 26th, 2005, 8:41 am

Hi experts and a merry xmas :)

I have been attacked by malware. I have run Ad-Aware SE 2 with the latest updates and Symantec AntiVirus. I also have ZoneAlarm running. I keep getting msnj.exe and ntjn.exe trying to access the internet?? I block them, but could you look at my HijackThis log pls, as I am sure I have undesirable stuff on my pooter. Thanks in anticipation of your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:36:17, on 26/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addyk.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Topro\tppoll.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Steve.HOME\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CBTB00001 Class - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\toolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {77CFD405-E6A6-72F1-2E42-FFA8EB49D6D2} - C:\WINDOWS\system32\ipki32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {C152FD32-565F-4149-CA19-48489A67658E} - C:\WINDOWS\atlef32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Skype™ For Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [TPPOLL] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [msnj.exe] C:\WINDOWS\msnj.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://yv0nne.bulldoghome.com/ps/infobo ... Upload.ocx
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addyk.exe" /s (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
steve67474
Regular Member
 
Posts: 30
Joined: December 26th, 2005, 7:42 am

Post by amateur » December 26th, 2005, 10:18 am

Hi Steve67474, :)

Welcome to MWR and Merry Christmas to you too. :D Yes, you do have some undesirable stuff on your computer. :( I'll be glad to work on it. However, it takes some time, so please bear with me and I'll be back as soon as I can.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by amateur » December 26th, 2005, 5:41 pm

Hi Steve67474 :) ,

Thanks for being patient. :D You have a healthy ;) about blank infection. :( It's best if we can get this off the first time. So, please follow the instructions very carefully, without missing any. First of all I need you to download some programs for use later. Once the programs are downloaded, you'll have to disconnect from the internet and unplug your modem. So, if you have any questions, post them here before you do that. Let's roll:

Download HSfix.zip and unzip it to your desktop. Do not use it yet.

Download About:Buster. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

Download CWShredder, install it, check for updates but again, don't use it yet.

Download and install Ewido Security Suite.

During the installation, uncheck the following under Additional Options:

  • Install background guard
  • Install scan via context menu

Check for updates but do not run it yet.
======================

Ensure hidden files and folders are set to show;

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.


=======================
Disable the service:

Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called Remote Procedure Call (RPC) Helper ( 11Fßä #·ºÄÖ`I). When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

=======================

Please disconnect from the Internet and unplug your modem for the duration of this fix. You may want to print the rest of these instructions.

=======================

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE

======================

While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.

======================

Then Open CWshredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

======================

Bring up task manager Ctrl-Alt-Del and end these processes if they are present

C:\WINDOWS\addyk.exe

======================

Delete the unwanted files:

Please open Notepad ( go to Start>Accessories>Notepad) and paste the following text in the Code box into a new file: It's important that you use notepad, not wordpad, otherwise it won't work.

Code:
attrib -r -h -s C:\WINDOWS\addyk.exe
del C:\WINDOWS\addyk.exe
attrib -r -h -s C:\WINDOWS\diyki.dll
del C:\WINDOWS\diyki.dll
attrib -r -h -s C:\WINDOWS\system32\ipki32.dll
del C:\WINDOWS\system32\ipki32.dll
attrib -r -h -s C:\WINDOWS\atlef32.dll
del C:\WINDOWS\atlef32.dll
attrib -r -h -s C:\WINDOWS\msnj.exe
del C:\WINDOWS\msnj.exe


Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on remove.bat.

======================

Now run hijackthis and click the scan button, when it has finished scanning put a check against the following. Make sure that all other windows other than HijackThis are closed and click 'fix checked'


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {77CFD405-E6A6-72F1-2E42-FFA8EB49D6D2} - C:\WINDOWS\system32\ipki32.dll
O2 - BHO: Class - {C152FD32-565F-4149-CA19-48489A67658E} - C:\WINDOWS\atlef32.dll
O4 - HKLM\..\Run: [msnj.exe] C:\WINDOWS\msnj.exe
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä #·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addyk.exe" /s (file missing)


Exit HJThis but stay on Safe Mode.

====================

Clean temp files:

The following step is important as you may have several malware files in your temp directories.

Still in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

====================

Run about buster:

Now press Windows key and E key at the same time to bring up Windows Explorer and navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

==========================================================

Run Ewido.

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

===============================================

Now reboot in Normal Mode.

===============================================

We need to see if we need to restore some deleted files:
Please check for the following files using the Windows Search Engine:

control.exe
rundll32.exe
wmplayer.exe
msconfig.exe
notepad.exe
shell.dll
SDHelper.dll


If any are missing or not working properly then you can download new copies from Merijn's Files and follow the instructions at that site to install them where they belong for your OS.

============================================================
Reconnect to the internet. Please download

  • Hoster
  • Unzip Hoster.zip
  • Open Hoster.exe
  • Then click on "Restore Original Hosts"
  • Close program when complete.
  • Empty Recycle Bin
  • Reboot and "copy/paste" a new log file into this thread, after completing any other instructions given
Warning: if you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re enter them

=============================================================

Finally, run Panda's ActiveScan and perform a full system scan.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your e-mail address.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
  • Click on Local Disks to start the scan.
Upon scan completion, if anything malicious is detected, click See Report, then click Save Report and save it to your Desktop.

================================================================

Now reboot and run hijackthis again and post a fresh log along with the about buster log, the Ewido log and the Panda report :)
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
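
The fix above ends by asking for a fresh HijackThis log, and that log is only useful when it is compared against the list of entries that were checked. The following is an added example, not part of the original thread or of HijackThis: it parses two logs and reports which fix-list entries are gone, which persist, and whether any targeted file is still running. The log excerpts are shortened from this thread, `AFTER_PARTIAL` is constructed to show a failed cleanup, and all function names are hypothetical.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
# First Windows path in a body that ends in .exe or .dll (also matches inside res:// URLs).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"/]*?\.(?:exe|dll)", re.IGNORECASE)

def parse_log(text):
    """Return (set of running process paths, list of (code, body) entries)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if not line:              # a blank line ends the process list
                in_procs = False
            else:
                processes.add(line.lower())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries

def entry_key(code, body):
    # Ignore case and whitespace so hand-retyped or re-wrapped lines still match.
    return code + "|" + re.sub(r"\s+", "", body).lower()

def verify_fix(before_text, after_text, fix_text, extra_paths=()):
    """Classify every fix-list entry and list targeted files that still run."""
    _, before = parse_log(before_text)
    after_procs, after = parse_log(after_text)
    before_keys = {entry_key(c, b) for c, b in before}
    after_keys = {entry_key(c, b) for c, b in after}
    report = {"removed": [], "persisting": [], "never_seen": []}
    watched = {p.lower() for p in extra_paths}
    for code, body in parse_log(fix_text)[1]:
        key, shown = entry_key(code, body), f"{code} - {body}"
        if key in after_keys:
            report["persisting"].append(shown)
        elif key in before_keys:
            report["removed"].append(shown)
        else:
            report["never_seen"].append(shown)   # typo in the fix list, or wrong log
        m = PATH_RE.search(body)
        if m:
            watched.add(m.group(0).lower())
    report["still_running"] = sorted(watched & after_procs)
    return report

# Excerpt of the first log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addyk.exe
C:\WINDOWS\TBPanel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {77CFD405-E6A6-72F1-2E42-FFA8EB49D6D2} - C:\WINDOWS\system32\ipki32.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [msnj.exe] C:\WINDOWS\msnj.exe
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
"""

# Excerpt of the follow-up log in this thread.
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
"""

# Constructed: a follow-up log where the Run key and two processes survived.
AFTER_PARTIAL = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addyk.exe
C:\WINDOWS\msnj.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [msnj.exe]   C:\WINDOWS\msnj.exe
"""

# Subset of the entries the helper asked to check in HijackThis.
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\diyki.dll/sp.html#10001%resultposition.net
O2 - BHO: Class - {77CFD405-E6A6-72F1-2E42-FFA8EB49D6D2} - C:\WINDOWS\system32\ipki32.dll
O4 - HKLM\..\Run: [msnj.exe] C:\WINDOWS\msnj.exe
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
"""

# File that remove.bat deletes but that is not named in the FIX subset above.
DELETED_FILES = [r"C:\WINDOWS\addyk.exe"]

if __name__ == "__main__":
    for name, log in (("follow-up", AFTER), ("partial", AFTER_PARTIAL)):
        print(name, verify_fix(BEFORE, log, FIX, DELETED_FILES))
```
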

thanks for quick response

Post by steve67474 » December 27th, 2005, 8:31 am

Hi amateur, thanks for the quick response. Right, before I post the logs, just a few probs on process. I will mention them now and you can let me know if I need to redo anything.

1. where you said......
Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called Remote Procedure Call (RPC) Helper ( 11Fßä #·ºÄÖ`I)

There was no entry with that name in services? There was an RPC helper but not with the gobbledegook in brackets, so couldn't do that step.

2. I got to the step where you said print instructions and disconnect from internet then reboot in safe mode. Did all that then got to the step where I needed to create a bat file to delete unwanted files. Ah! Couldn't copy and paste as I am now offline. (Something to be said about reading all instructions b4 starting.) I typed the lines in manually and didn't get the spaces between the attributes, so it didn't run. I did copy and paste it at the end of instructions and run it then. Don't know how that will affect things.

All other stages went fine so these are my logs as they stand now. Again thanks for your time and effort.

Logfile of HijackThis v1.99.1
Scan saved at 12:22:55, on 27/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Topro\tppoll.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steve.HOME\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CBTB00001 Class - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\toolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Skype™ For Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [TPPOLL] C:\Program Files\Topro\tppoll.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://yv0nne.bulldoghome.com/ps/infobo ... Upload.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

About Buster

AboutBuster 5.1, reference file 33
Scan started on [27/12/2005] at [09:58:51]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\WINDOWS\dzzim.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:00:09

Ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:57:22, 27/12/2005
+ Report-Checksum: BA029087

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Paula\Application Data\Mozilla\Firefox\Profiles\h2d682xt.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\paula@www.ysbweb[2].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\Paula\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Paula.STEVE\Application Data\Mozilla\Firefox\Profiles\ui82rx2k.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Paula.STEVE\Cookies\paula@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paula.STEVE\Cookies\paula@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paula.STEVE\Cookies\paula@e-2dj6wjk4wjajiaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\yehmxmjo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Application Data\IM\Identities\{AF0001A5-F2EA-44A6-8F58-AA1C819FE663}\Message Store\Attachments\cracksearcher_164.zip/CrackSearcher/cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Application Data\IM\Identities\{AF0001A5-F2EA-44A6-8F58-AA1C819FE663}\Message Store\Attachments\{31F115EB-6183-4B41-9E9D-4FFE056A7DE5}\cracksearcher_164.zip/CrackSearcher/cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Application Data\IM\Identities\{AF0001A5-F2EA-44A6-8F58-AA1C819FE663}\Message Store\Attachments\{546D5789-E8EA-4DC5-A7E6-46FA48091218}\cracksearcher_164.zip/CrackSearcher/cracksearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\Documents and Settings\Steve.HOME\Desktop\craagle\Craagle.exe -> Spyware.Craagle : Cleaned with backup
C:\Documents and Settings\Steve.HOME\Desktop\hijackthis\backups\backup-20051227-095254-626.dll -> Downloader.Agent.acc : Cleaned with backup
C:\WINDOWS\addoq.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addyk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M1511NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\system32\addkn.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\apipn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\atlvo32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crdw32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\crrv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjn32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\_default.pif:sxcsl -> Downloader.Agent.td : Cleaned with backup
C:\winstall.exe -> Hijacker.Spywad.n : Cleaned with backup


::Report End

Panda report


Incident Status Location

Dialer:Dialer.ERL Not desinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\K9A7OXYB\hot_tarts[1].exe
Security Risk:HackTool/Gendel.A Not desinfected C:\Program Files\Modshack\setup\gendel32.ex_

looks like I still have a couple of nasties eg hot tarts[1].exe

Once again thanks



:lol:
steve67474
Regular Member
 
Posts: 30
Joined: December 26th, 2005, 7:42 am

Unread postby amateur » December 27th, 2005, 8:41 am

Thanks Steve67474, :)
You've done very well. :thumbright: I'll have to go through the logs now and will get back to you later.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby amateur » December 27th, 2005, 6:58 pm

Hi Steve67474 :D ,

Great job! :thumbright: The fix worked and the infection is gone :D . How is it running now? Just a little bit of tidy up and you are all set.
Security Risk:HackTool/Gendel.A Not desinfected C:\Program Files\Modshack\setup\gendel32.ex_

This item is a setup file for your Modshack program. Many of these types of programs include some sort of advertising malware built into them. You can go ahead and delete that file if you no longer need to install the application. If you didn't install Modshack yourself, then you can remove it from Add/Remove programs and delete the folder from the Windows Explorer.
Dialer:Dialer.ERL Not desinfected C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\K9A7OXYB\hot_tarts[1].exe

Navigate to C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files folder and empty the contents: Once you open the temp folder, click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin. If there are other users, repeat the same for the other users as well.

Next, navigate to C:\Windows\Prefetch
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Finally, navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Then empty the Recycle Bin.

And to clean out your Temporary Internet files, proceed like this:

* Quit Internet Explorer and quit any instances of Windows Explorer.
* Click Start, click Control Panel, and then double-click Internet Options.
* On the General tab, click Delete Files under Temporary Internet Files.
* In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
* On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
* Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
* Click OK.
=======================================

Now that you are clean, or seem to be, please follow these simple steps in order to keep your computer clean and secure.

Remember to hide your system files again.

Start>My Computer>Tools>Folder Options>View
Under the Hidden files and Folders heading, uncheck Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Check the Hide file extensions for known file types.
Click OK.

Disable and Enable System Restore
If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to disable and re enable system restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, we recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following free ones:

AntiVir here
AVG Free here
Avast here

It is essential to keep the anti-virus program fully updated. New virus infections are being produced all the time, and unless the program downloads the latest 'definitions', it cannot protect you against the newer versions. If you want to check for updates manually I'd recommend doing so at least once a week. However, a better option is to set the program to download and install updates automatically every time you are connected to the Internet. The first time you use it, please set it to perform a full system scan.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get all the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Microsoft Antispyware here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall (Will be discontinued as from the end of 2005) here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening when you come across a website that uses them during internet-surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
* Fraudulent claims or scams
* Offensive material
* Security vulnerabilities
* Spyware or Adware
* Spam related material
* or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

o Adult
o Spyware
o Spam Advertising
o Phishing
o Possible scam or fraud
o Misleading or False Advertising
o Pharming
o Rogue or Suspect Product
o Adware
o Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, fe. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. ;)
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
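
The six Internet-zone settings listed in the post above can be checked after the fact from a registry export instead of by clicking through the dialog. The following is an added example, not part of the original post: it assumes a text export produced with `reg export` of the per-user Internet zone key (zone 3), uses the standard Windows URL action IDs for those six settings, and runs on a constructed sample export.

```python
import re

# Per-user Internet zone (zone 3). Values set by policy under the Policies
# hive, if any, take precedence and are not read by this example.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# URL action id -> (setting name as written in the post, level the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", "Prompt"),
    "1004": ("Download unsigned ActiveX controls", "Disable"),
    "1201": ("Initialise and script ActiveX controls not marked as safe", "Disable"),
    "1800": ("Installation of desktop items", "Prompt"),
    "1804": ("Launching programs and files in an IFRAME", "Prompt"),
    "1607": ("Navigate sub-frames across different domains", "Prompt"),
}

# Registry DWORD -> dialog wording, plus a strictness rank for comparison.
LEVELS = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {"Enable": 0, "Prompt": 1, "Disable": 2}

VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export: zone 2 is included to show it is ignored,
# and action 1607 is deliberately missing from zone 3.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed sample, not taken from the thread
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000003
"1804"=dword:00000000
"CurrentLevel"=dword:00011000
'''


def parse_zone3(reg_text):
    """Return {action_id: dword} for values found under the zone 3 key only."""
    values = {}
    in_zone3 = False
    for raw in reg_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_zone3 = line[1:-1].lower() == ZONE3_KEY.lower()
            continue
        if in_zone3:
            match = VALUE_RE.match(line)
            if match:
                values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit_zone3(reg_text):
    """Compare the exported zone 3 values with the levels the post recommends."""
    current = parse_zone3(reg_text)
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        if action in current:
            have = LEVELS.get(current[action], "Unknown (0x%X)" % current[action])
        else:
            have = "Not set"
        # A stricter level than recommended still passes; unknown or
        # missing values never do.
        ok = have in STRICTNESS and STRICTNESS[have] >= STRICTNESS[wanted]
        findings.append({"action": action, "setting": name,
                         "current": have, "recommended": wanted, "ok": ok})
    return findings


def failing_actions(reg_text):
    """Action ids whose current level is weaker than recommended or undetermined."""
    return [f["action"] for f in audit_zone3(reg_text) if not f["ok"]]


if __name__ == "__main__":
    for f in audit_zone3(SAMPLE_REG):
        flag = "OK  " if f["ok"] else "WEAK"
        print("%s %s %-58s current=%-8s recommended=%s" % (
            flag, f["action"], f["setting"], f["current"], f["recommended"]))
```

A setting reported as "Not set" means the export carries no per-user value for it, so the effective level comes from elsewhere and should be confirmed in the dialog.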

Thanks

Unread postby steve67474 » December 28th, 2005, 5:04 am

A big thanks amateur. Everything is fine now. Have done all you recommended in last post. Have a happy new year. First time I have used this forum and what a response. CHEERS! :lol: :lol:
steve67474
Regular Member
 
Posts: 30
Joined: December 26th, 2005, 7:42 am

Unread postby amateur » December 28th, 2005, 8:38 am

Wonderful. :D Glad we could help. The credit goes to my "gurus/mentors" who have been training me, are watching over, and helping out when needed so that the best service is given. Happy New Year to you too. :D :D
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby NonSuch » January 1st, 2006, 5:22 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California