Novice requests help with dialer Trojan viruses please.

by Mad-Friend » July 29th, 2006, 2:45 pm

Please can you help me. I have 3 dialer Trojan viruses infecting my computer. They are:
RyDial.dll Trojan horse Dialer.BZI
Upgrade.exe Trojan horse Dialer.BZJ
win_dialler_414.exe Trojan horse Dialer.BZI
I have AVG antivirus which detects but cannot remove. I don't know what to do. I am a novice.
Please can you advise me?
Thank you, Mad-Friend.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

by Rogue » July 29th, 2006, 7:12 pm

Hi Mad-Friend,

Download HijackThis.
Version (v1.99.1) of HijackThis from here
Unzip HJT.
It will extract to C:\Program Files\HijackThis
This is so that the backups that HijackThis creates will be stored in a safe place.
Navigate to the C:\Program Files\HijackThis folder.
Now double-click on hijackthis.exe and when the window opens, press the "Scan now and save a logfile" button and then when it is done, copy and paste the contents of the notepad it opens as a reply to this post.
====================

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

by Mad-Friend » July 30th, 2006, 4:08 am

Logfile of HijackThis v1.99.1
Scan saved at 09:03:59, on 30/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Tesconet\Tesconet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\trish\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by WHSmithnet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1075279500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thank you for your help. This is what has shown up.
Trish.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

corrupted or lost files by doing this sfc /scannow.

by Mad-Friend » July 30th, 2006, 4:17 am

Help please.
I thought I had a problem in my Microsoft Word and saw this on PC Advice. It said to recover corrupted files click on RUN type in sfc /scannow I did. And many of my files when opened were no longer readable. Just a couple of letters and a long line of squares. I am desperate to recover these word files. I have lost almost a year's work. I tried two system restores but it hasn't cured the loss of my files. The files are showing these symbols either ~$ with part of the file name or, ~WRL with part of the name.
Please can they be recovered and restored so I can read them?
Your help would be most appreciated.
Thank you, Trish

EDIT: Trish, I have merged this topic with your original topic. Please do not start new/multiple topics regarding the same system. Stick with your original topic.

Thank you,

NonSuch
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

by Rogue » July 30th, 2006, 10:46 am

Hi Mad-Friend,

In your original post you mentioned these files were found
RyDial.dll Trojan horse Dialer.BZI
This file is from www.tesco.net and is most likely valid
http://www.bleepingcomputer.com/startup ... -7749.html

Upgrade.exe Trojan horse Dialer.BZJ
Could be bad depending on location

win_dialler_414.exe Trojan horse Dialer.BZI
Not 100% sure on this one, that's why we will perform some deeper investigation.

In your log I see this IP address 194.168.4.100. It belongs to Cable Online Ltd in the United Kingdom, are you familiar with them?

"The files are showing these symbols either ~$ with part of the file name or, ~WRL with part of the name."

I'll do some research on the above and see what I can find.

Ready? Let's go.
====================

You currently are running HijackThis from a Temporary location:
C:\DOCUME~1\trish\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

HijackThis will not be able to make backups of the removed entries, if it's running from a Temp folder.

Please make a folder here: c:\HJT and place HijackThis in that folder.
DO NOT follow the steps below until you have moved HijackThis
====================

Download Ewido Anti-spyware 4.0 from HERE and save that file to your desktop.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
====================

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

====================

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the "Scan your PC" button
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply
====================

Please post the following in your reply

New HJT log
Ewido log
Panda scan log

Some logs can be long so you may have to use multiple posts

Thanks,
Rogue

<EDIT>
I did find some info on recovery of Word files which are below. Just to make sure they were not corrupted by "bad" things you may want to hold off until your system is clean.

http://support.microsoft.com/kb/826864/

http://word.mvps.org/FAQs/AppErrors/CorruptDoc.htm
http://word.mvps.org/FAQs/General/RecoverMasterDocs.htm
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah
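
As an added example (not part of the original posts, and not HijackThis's own code), the two observations Rogue draws from the log, HijackThis running out of a Temp folder and the O17 NameServer addresses, can be pulled out of a log in this layout with a short Python script. The function names are illustrative assumptions; the sample lines are excerpted from the log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log posted in this thread, embedded so
# the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:03:59, on 30/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\trish\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
"""

# Section lines look like "O4 - <details>"; the code before the dash is the section.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Split a log into (running processes, {section code: [entry details]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first section line ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def hijackthis_in_temp(processes):
    """Return HijackThis.exe paths that sit under a Temp directory."""
    return [p for p in processes
            if p.lower().endswith("hijackthis.exe") and TEMP_RE.search(p)]


def dns_servers(entries):
    """Return the unique, valid IPv4 addresses set in O17 NameServer entries."""
    found = set()
    for detail in entries.get("O17", []):
        if "NameServer" not in detail:
            continue
        for candidate in IPV4_RE.findall(detail.split("=", 1)[-1]):
            try:
                found.add(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # not a real address (an octet above 255)
    return sorted(found)


def triage(text):
    """Produce the review notes a helper would raise before any fix is applied."""
    processes, entries = parse_log(text)
    notes = ["HijackThis is running from a Temp folder: " + path
             for path in hijackthis_in_temp(processes)]
    servers = dns_servers(entries)
    if servers:
        notes.append("O17 NameServer addresses to confirm with the ISP: "
                     + ", ".join(servers))
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```
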

by Mad-Friend » July 30th, 2006, 3:17 pm

Hi Rogue,
Firstly let me say thank you for replying and helping me. Your help is very much appreciated. To show how much of a novice I am I must confess that I don't know how to do the first step of your advice:

I don't know how to make C:\HJT and place HijackThis in that folder.
How do I go about doing this please?

In reply to your question I do not know the IP address 194.168.4.100 belonging to Cable ONline LTD UK.

My first ISP provider was WH SMITH they were taken over by another ISP (for the life of me I can't recall which one, only that their service was so appallingly bad I cancelled with them) I think the Win_Dialler_414.exe belonged to them. It has been on my screen since then and not being sure what to do with it I left it alone.

I hope this helps.
Yours sincerely Mad-Friend Trish.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

by Rogue » July 30th, 2006, 4:22 pm

Hi, Mad-Friend

OK since we are not making any changes with HJT at the moment let's just proceed with the fix where it's at.

"My first ISP provider was WH SMITH they were taken over by another ISP (for the life of me I can't recall which one, only that their service was so appallingly bad I cancelled with them) I think the Win_Dialler_414.exe belonged to them. It has been on my screen since then and not being sure what to do with it I left it alone."


Good information. 8)

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

by Mad-Friend » July 30th, 2006, 5:20 pm

Dear Rogue,

the part of your reply "okay since we are not making any changes with HJT at the moment let's just proceed with the fix where it's at"

I don't know what that means, sorry. Told you I was a novice. I'm totally confused. Can you take me through this bit by bit so I know what sections it is I know what I'm doing.

How do I make the copy you said I needed? Where do I store it?
What do I do about "proceed where it's at"?

I feel a right chump.
Sorry, Trish.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

by Rogue » July 30th, 2006, 5:39 pm

Sorry :( I'll be more clear on my instructions. You're doing just fine 8)

Don't worry about moving HJT. Let's just start from here.

Download Ewido Anti-spyware 4.0 from HERE and save that file to your desktop.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
====================

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

====================

Using Internet Explorer run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the "Scan your PC" button
2. A new window will open...click the big "Check Now" button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
10. Click on "Local Disks" to start the scan
11. Post Panda scan results in your next reply
====================

Please post the following in your reply

Ewido log
Panda scan log

Some logs can be long so you may have to use multiple posts

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

by Mad-Friend » July 30th, 2006, 8:32 pm

Hi Rogue,
It took a while but here are the results. I did a scan of ewido anti spyware and when the scan was complete and I clicked on all actions a warning box came up. It said "The file C:\Documents and settings\ with the RyDial Trojan and the Win_Dialler_414.exe Trojan cannot be quarantined because it is embedded in the archive. Do you want to quarantine the whole archive?" It gave me 4 options. I wasn't sure what to do until I'd spoken to you so I clicked on no. It was probably the wrong thing to do but I can run it again and click on yes if that's what I'm meant to do.

I'll try and post the results. If I have problems doing that I'll request your assistance.
Thank you for all your help Rogue, you really are a little gem of a genius.
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:09:28 31/07/2006

+ Scan result:



C:\Documents and Settings\trish\Desktop\win_dialler_414.exe/RyDial.dll -> Dialer.RyDial.a : Error during cleaning.
C:\Documents and Settings\trish\Desktop\win_dialler_414.exe/Upgrade.exe -> Dialer.RyDial.a : Error during cleaning.
C:\Documents and Settings\trish\Application Data\errorsafefreeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\tug\Cookies\tug@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\tug\Cookies\tug@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wfmyghcjgko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wfmysodpico.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wfmywnc5ado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wfmywocjoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgk4anazmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgk4kjcjwlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkiegczkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkiggdjiko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkikjazwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkikodzafo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkiondpido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkisic5gkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkiskdpkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkislazcco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkoepd5who.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkogkdzsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkoqhcjedo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkosgczado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkyggajokq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkygmdpiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkyoldjicq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkyond5saq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkyuhczsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkyupdzago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgkywnczcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgl4wkdpakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgliepajofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wglikiczkgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgliklczceq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wglyujd5seq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgmigiczcap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgmiogd5wdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgmisldjmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgmiumdzaep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wgmiwmdjiap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6whkiapczgcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6whkisnd5weq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6whkoakajahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjk4ejdpodo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjk4enczmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjk4kpcpgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjk4oodpcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjk4skc5ebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkoendjwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkoqjcpcaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkoqkajado.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkosidpcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyapdjsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkycgczehq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkychcpmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyckd5mho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkykjajabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyolajodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyqpczsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyskazmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkysoczgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkyupd5cfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjkywhc5akp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4eidpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4ghdpacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4gic5ebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4qnajigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4uhc5scq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4ukc5wao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4whczwfo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjl4wmcjehq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlicgd5mko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlicpajiep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjliekcpmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjliomcpobp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlislc5eeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlispazofq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjloahd5mko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjloahdziep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlocjdjkho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlockczeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjloggazccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjloqocjwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjloujdzcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyald5efo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlycmajkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyggdpmlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlygmdjegq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyqgcpodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyqmdzcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlysiazcfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyuhazclp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlyuhcpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlywkczsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjlywpazeeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmiald5ibq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmieidpmgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmiggc5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmiggdpagp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmigjd5kgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmigod5glq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmigodpsfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmiulazalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmyahajgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmyaid5seo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@e-2dj6wjmyemazsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settin

Unread postby Mad-Friend » July 30th, 2006, 8:36 pm

Hi Rogue,
this is the rest of the Ewido scan report.
C:\Documents and Settings\trish\Cookies\trish@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\tug\Cookies\tug@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\tug\Cookies\tug@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\trish\Cookies\trish@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

I will try to send the Panda log next.
Incident Status Location

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\trish\Cookies\trish@adopt.hbmediapro[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\trish\Cookies\trish@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\trish\Cookies\trish@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\trish\Cookies\trish@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\trish\Cookies\trish@belnk[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\trish\Cookies\trish@cgi-bin[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\trish\Cookies\trish@dist.belnk[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\trish\Cookies\trish@errorsafe[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\trish\Cookies\trish@gostats[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\trish\Cookies\trish@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\trish\Cookies\trish@i.screensavers[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\trish\Cookies\trish@offeroptimizer[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\trish\Cookies\trish@spywarestormer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\trish\Cookies\trish@winfixer[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\trish\Cookies\trish@www.errorsafe[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\trish\Cookies\trish@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\trish\Cookies\trish@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\trish\Cookies\trish@xmts[1].txt

Unread postby Mad-Friend » July 30th, 2006, 8:42 pm

Hi Rogue,
this is the last scan report you requested. The new HJT report.

Logfile of HijackThis v1.99.1
Scan saved at 01:38:36, on 31/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Tesconet\Tesconet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\DOCUME~1\trish\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by WHSmithnet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1075279500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{130E35C2-9F50-49DC-9AC2-B670A46D45A8}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I hope I have done everything right.
Please let me know if I should rerun the Ewido one to remove the Trojans in the archive.
Thank you for all your help. I'm off to bed now.
Night.
Yours sincerely Trish. (Mad-Friend).
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Rogue » July 30th, 2006, 9:56 pm

Good morning Trish,

Just want to make sure on your Panda log that there were just lines that read Spyware:Cookie.
Just making sure the log didn't get cut off while posting.

On your ewido log you did just fine. :thumbleft:
We do need to delete the file win_dialler_414.exe from your desktop.
After you delete the file you may want to reboot and make sure you can still connect to your ISP. If you can then go ahead and empty the Recycle Bin.

Your HJT log still looks clean. :sunny:

OK now about your Word files. I would recommend you start with this process by Microsoft. It appears to be close to the problems you are having.
http://support.microsoft.com/kb/826864/

You also may want to read up on these two links
http://word.mvps.org/FAQs/AppErrors/CorruptDoc.htm
http://word.mvps.org/FAQs/General/RecoverMasterDocs.htm

I'm going to ask Admin to leave this post open. Let me know how the above goes. I'm not a Word expert but I can refer you to some other forums that could possibly help you if the above fails to get results.
Since Word stores ~WRL files in temp folders I didn't want to have you clean those out until you're sure you have your documents back. That will be our last step before I give you some instructions and ideas on making your system more secure.

Thanks,
Rogue
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Mad-Friend » July 31st, 2006, 5:01 am

Good morning to you too Rogue,
things are looking better this morning. I feel like we are almost there and on top of things. Thank you for all your help, you really are an angel.

Would you like me to resend the Panda log?

Smiling 'cause the ewido is fine. Actually BIG smile for that one.

The win_dialler_414 (please don't laugh) which method do I use to delete it? Do I run ewido scan and quarantine or do I just click on the delete button that will send it to my recycle bin? It's the latter isn't it? Just want to be sure I don't make any more gaffes.

Massive thank you for the advice for my WORD files. I will follow this to the letter once the win_dialler_414 is deleted. I will let you know what happens with that.

Supposing I can no longer connect to my ISP what do I do?
I ask because if I can no longer get online to take your advice then I am stumped.
Yours sincerely Trish.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm

Unread postby Mad-Friend » July 31st, 2006, 5:24 am

Hi Rogue,
I have to go out shortly. It will be late tonight before I can follow through your instructions. As soon as I have I will let you know.
Thank you again, Trish.
Mad-Friend
Regular Member
 
Posts: 42
Joined: July 29th, 2006, 2:32 pm