Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


popcorn.net removal?

by eskeemer » August 27th, 2006, 1:59 pm

I have a "highjackit log". Now what do I do with it to help remove "popcorn.net", and should I do anything else?
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

by Navigator » August 27th, 2006, 3:40 pm

Hello eskeemer....welcome to Malware Removal! You need to post the HJT log's contents here so that I can look at them:

Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log's contents (Ctrl-A), copy (Ctrl+C) and then paste (Ctrl+V) the log contents into a reply in this topic.

Use the post reply button at the bottom of the page to add a reply to this topic...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

popcorn removal

by eskeemer » August 27th, 2006, 4:00 pm

Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:33:35, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Rollback\shdserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Rollback\RollbackClnt.exe
C:\Program Files\Rollback\RollbackTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\RDS\PLTBar.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... kANETReQ==
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Rollback] "C:\Program Files\Rollback\RollbackTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Function Palette.lnk = C:\Program Files\RDS\PLTBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp ... atools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CCA857-4359-4D42-8C85-C72D1886EA80}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rollback Rx Client Service (RollbackClientService) - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

by Navigator » August 27th, 2006, 4:16 pm

Hello eskeemer....

1. Download this file from either of the two places listed below:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Then double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

popcorn.net removal

by eskeemer » August 28th, 2006, 2:44 am

eric skeemer - 06-08-28 7:40:35.25
ComboFix 06.08.27BT - Running from: C:\downloads 2

((((((((((((((((((((((((((((((( Files Created from 2006-07-28 to 2006-08-28 ))))))))))))))))))))))))))))))))))


2006-08-26 12:11 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-28 07:39 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware
2006-08-28 07:26 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\OpenOffice.org2
2006-08-27 09:55 -------- d-------- C:\Program Files\Rollback
2006-08-26 12:28 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-26 12:28 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla
2006-08-26 12:11 -------- d-------- C:\Program Files\Registry Mechanic
2006-08-25 08:06 -------- d-------- C:\Program Files\Java
2006-08-22 09:35 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-22 09:35 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-22 06:55 -------- d-a------ C:\Program Files\Common Files
2006-08-22 06:55 -------- d-------- C:\Program Files\fsupport
2006-08-22 06:55 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-08-17 09:10 -------- d-------- C:\Program Files\Internet Explorer
2006-08-17 08:59 29784 --a------ C:\Program Files\popcorn Terms.html
2006-08-17 07:36 -------- d-------- C:\Program Files\Notify
2006-08-17 07:36 -------- d-------- C:\Program Files\License_Manager
2006-08-14 07:56 -------- d---s---- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Microsoft
2006-08-14 07:56 -------- d-------- C:\Program Files\APSW
2006-08-04 09:28 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\AdobeUM
2006-08-03 09:18 -------- d-------- C:\Program Files\HistoryKill 2006
2006-08-03 09:16 -------- d-------- C:\Program Files\HbTools
2006-08-03 09:16 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\HbTools
2006-08-03 09:14 -------- d-a------ C:\Program Files\NavExcel
2006-08-03 09:14 -------- d-a------ C:\Program Files\Gator.com
2006-08-03 09:14 -------- d-a------ C:\Program Files\Common Files\GMT
2006-08-03 09:14 -------- d-a------ C:\Program Files\Common Files\CMEII
2006-08-03 09:14 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-03 09:14 -------- d-------- C:\Program Files\WordView
2006-08-03 09:14 -------- d-------- C:\Program Files\TPT Registry_Cleaner (Trial)
2006-08-03 09:14 -------- d-------- C:\Program Files\Thomson SpeedTouch
2006-08-03 09:14 -------- d-------- C:\Program Files\Thomson
2006-08-03 09:14 -------- d-------- C:\Program Files\The Adventure Company
2006-08-03 09:14 -------- d-------- C:\Program Files\Symantec
2006-08-03 09:14 -------- d-------- C:\Program Files\SpeedTouch
2006-08-03 09:14 -------- d-------- C:\Program Files\SpeedFan
2006-08-03 09:14 -------- d-------- C:\Program Files\Seekmo(2)
2006-08-03 09:14 -------- d-------- C:\Program Files\RegClean32
2006-08-03 09:14 -------- d-------- C:\Program Files\Outlook Express Backup Wizard
2006-08-03 09:14 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-03 09:14 -------- d-------- C:\Program Files\Motherboard Monitor 5
2006-08-03 09:14 -------- d-------- C:\Program Files\House of Tales
2006-08-03 09:14 -------- d-------- C:\Program Files\Heroes of Might and Magic V Downloader
2006-08-03 09:14 -------- d-------- C:\Program Files\Futuremark
2006-08-03 09:14 -------- d-------- C:\Program Files\ErrorGuard
2006-08-03 09:14 -------- d-------- C:\Program Files\Eidos Interactive
2006-08-03 09:14 -------- d-------- C:\Program Files\EA SPORTS
2006-08-03 09:14 -------- d-------- C:\Program Files\directx
2006-08-03 09:14 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-03 09:14 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-03 09:14 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-03 09:14 -------- d-------- C:\Program Files\Codemasters
2006-08-03 09:14 -------- d-------- C:\Program Files\BDWin32
2006-08-03 09:14 -------- d-------- C:\Program Files\Ahead
2006-08-03 09:13 -------- d-------- C:\Program Files\Seekmo(3)
2006-08-03 09:13 -------- d-------- C:\Program Files\Seagate
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-22 07:26 -------- d-------- C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\SecuROM
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 10:20 62976 --a------ C:\WINDOWS\system32\drivers\Shield.sys
2006-07-13 10:20 2944 --a------ C:\WINDOWS\system32\drivers\SHDBUS.sys
2006-07-13 10:20 16896 --a------ C:\WINDOWS\system32\drivers\Shieldf.sys
2006-07-13 10:20 11904 --a------ C:\WINDOWS\system32\drivers\Shieldm.sys
2006-07-10 12:38 -------- d-------- C:\Program Files\DAP
2006-07-10 12:38 -------- d-------- C:\Program Files\Creative
2006-07-10 12:38 -------- d-------- C:\Program Files\CDBurnerXP Pro 3
2006-06-22 11:47 181248 --a------ C:\WINDOWS\system32\rasmans(3)(2).dll
2006-05-29 16:30 1494016 --a------ C:\WINDOWS\system32\shdocvw(2)(2).dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb03.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Virgin Net Broadband\\Dragdiag.exe\" /icon"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"RegistryMechanic"=""
@=""
"Rollback"="\"C:\\Program Files\\Rollback\\RollbackTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"License Manager"="\"C:\\Program Files\\License_Manager\\license_manager.exe \" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Auto Document Link.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Auto Document Link.lnk"
"backup"="C:\\WINDOWS\\pss\\Auto Document Link.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\RDS\\PLDlnk.exe "
"item"="Auto Document Link"



Completion time: 06-08-28 7:40:47.81
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

by Navigator » August 28th, 2006, 5:52 pm

Hello eskeemer....wow, on Aug 3rd, you got a download of many 'bad' programs...there may be more to do after this:

Before we get started, I need you to do this:

Reveal Hidden Files

  • Click Start.
  • Open My Computer.
  • Select the Tools menu.
  • Click Folder Options.
  • Select the View Tab.
  • Check Show hidden files and folders in the Hidden files and folders section.
  • Uncheck Hide protected operating system files (recommended) option.
  • Uncheck the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.


1. First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Save it to your desktop

3. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... kANETReQ==
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent


Now close all windows other than HiJackThis, then click Fix Checked.

4. Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Log into your usual account.

5. Please remove these entries from Add/Remove Programs in the Control Panel (if present). Click start>>control panel>>add/remove programs:

180ClientStubInstall
180 Search Assistant
180Solutions
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools


6. Please delete these folders using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed folders, then right-click to select them and click delete


C:\Program Files\License_Manager
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\HbTools
C:\Program Files\Gator.com
C:\Program Files\NavExcel
C:\Program Files\Common Files\CMEII
C:\Program Files\TPT Registry_Cleaner (Trial)
C:\Program Files\Seekmo(3)
C:\Program Files\Seekmo(2)
C:\Program Files\BDWin32
C:\Program Files\ErrorGuard
C:\Program Files\RegClean32


7. Please delete these files using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\Program Files\popcorn Terms.html


8. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

9. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode.

10. Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

11. Post the results of the:
  • ewido report scan
  • the HJT uninstall list
  • a new HJT log
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
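
One way to check a "Fix Checked" step against a later re-scan, as an added example that is not part of the original thread or of HijackThis itself: it parses HijackThis entry lines and matches them by identity (GUID, registry value name, or Run value name) rather than by full text, because the data part of an entry can change between scans. The sample lines are abbreviated from the two HijackThis logs and the fix list posted in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "R0", "O2", "O4"
    body: str   # everything after "CODE - "


# Entry lines look like "O2 - BHO: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?\[[^\]]*\])")   # "HKLM\..\Run: [ValueName]"


def parse_hjt(text):
    """Return the entry lines of a pasted HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def identity(entry):
    """Stable key for an entry: GUID, else registry/link name, else Run value name."""
    guid = GUID_RE.search(entry.body)
    if guid:
        return (entry.code, guid.group(0).upper())
    if " = " in entry.body:
        # "Key,Value = data": the data may differ between scans, the name does not
        return (entry.code, entry.body.split(" = ", 1)[0].lower())
    run = RUN_RE.match(entry.body)
    if run:
        return (entry.code, run.group(1).lower())
    return (entry.code, entry.body.lower())


def verify_fix(before_log, fix_list, after_log):
    """Map each fix-list entry to 'removed', 'still present' or 'not in first scan'."""
    before = {identity(e) for e in parse_hjt(before_log)}
    after = {identity(e) for e in parse_hjt(after_log)}
    result = {}
    for e in parse_hjt(fix_list):
        key = identity(e)
        if key not in before:
            result[key] = "not in first scan"
        elif key in after:
            result[key] = "still present"
        else:
            result[key] = "removed"
    return result


def new_entries(before_log, after_log):
    """Entries in the re-scan that were absent from the first scan."""
    before = {identity(e) for e in parse_hjt(before_log)}
    return [e for e in parse_hjt(after_log) if identity(e) not in before]


# Sample input: lines abbreviated from the logs in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... kANETReQ==
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
"""

FIX = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... kANETReQ==
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... TlhGDtkZUD
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
"""

if __name__ == "__main__":
    for key, status in verify_fix(BEFORE, FIX, AFTER).items():
        print(f"{status:18} {key[0]} {key[1]}")
    for e in new_entries(BEFORE, AFTER):
        print(f"new                {e.code} {e.body}")
```

A plain text diff of the two logs would report the SearchAssistant line as one entry removed and another added, since only its URL data differs; keying on the value name shows the same registry value is still set.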

popcorn.net removal

by eskeemer » August 29th, 2006, 6:19 am

Logfile of HijackThis v1.99.1
Scan saved at 11:02, on 06-08-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Rollback\shdserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rollback\RollbackClnt.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Rollback\RollbackTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RDS\PLTBar.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... TlhGDtkZUD
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Rollback] "C:\Program Files\Rollback\RollbackTray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Function Palette.lnk = C:\Program Files\RDS\PLTBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp ... atools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CCA857-4359-4D42-8C85-C72D1886EA80}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rollback Rx Client Service (RollbackClientService) - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51 06-08-29

+ Scan result:

C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN\Cache -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN\Cache\ErrorLog.txt -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN\Cache\NewCfg -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN\Cache\instafintb0300.cfg -> Adware.404Search : Cleaned with backup (quarantined).
C:\Program Files\INSTAFIN\Uninstall.exe -> Adware.404Search : Cleaned with backup (quarantined).
C:\unzipped\hijackthis\backups\backup-20060829-080602-515.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Web Offer -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\CHPON.dll -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\apev.exe -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\eapbh.dll -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Web Offer\wo.exe -> Adware.eZula : Cleaned with backup (quarantined).
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup (quarantined).
C:\Program Files\Butterfly Oasis Screensaver\ButterflyOasis.exe -> Adware.GAINNetwork : Cleaned with backup (quarantined).
C:\Program Files\Butterfly Oasis Screensaver\BO1Uninstaller.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\pntfehll\btfbpbca\cfdatbld.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\pntfehll\phabbjheen\ppdltaehh.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\FileSubmit\still waters\NNEZTA388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Oemji\Toolbar\PopupBlocker\OemjiPopupBlocker.exe -> Adware.Nomeh : Cleaned with backup (quarantined).
C:\Program Files\FileSubmit\still waters\TBEZA127Q.exe -> Adware.Quick : Cleaned with backup (quarantined).
C:\Program Files\QuickSearch\Uninstall_QuickSearchBar.exe -> Adware.Quick : Cleaned with backup (quarantined).
C:\Program Files\WebRebates4\w11150.exe -> Adware.Rebates : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\maps.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\maps_over.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\moviesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\weatherhotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\cloudy.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\foggy.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\mcloud.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\na.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\nclear.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\ncloudy.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\nfoggy.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\nmcloud.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\npcloud.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\nrain.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\nshower.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\pcloud.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\rain.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\tstorm.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware\images\walertXP.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\WeatherLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Layouts\WeatherLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Maps -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Maps\MapsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Maps\MapsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Weather\AlertArchive.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\HistoryZapper -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\HistoryZapper\HistoryZapperOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\HistoryZapper\HistoryZapperOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\StarwareConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\StarwareUninstall.exe -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\bin -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\bin\Starware.dll -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\bin\exes -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\bin\exes\PLHistZap.exe -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\brand.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\icons -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\Starware\icons\star_16.ico -> Adware.Starware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware\OriginalAutoSearch -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-682003330-861567501-839522115-1004\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\TopSearch\TopSearch.dll -> Adware.TopSearch : Cleaned with backup (quarantined).
C:\Program Files\WebRebates4\webrebates.dll -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\WebRebates4\webrebates.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\Web_Rebates\WebRebates1.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\downloads 2\tmp.ocx -> Downloader.Agent.aet : Cleaned with backup (quarantined).
:mozilla.694:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.684:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@microsoftuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.657:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.661:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.690:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.691:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.692:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.705:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.612:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.613:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.664:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.671:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.698:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.786:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.651:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.713:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.714:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.719:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.723:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.777:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.778:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.779:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.567:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.780:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.781:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric\Cookies\eric@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\eric.ERIC\Cookies\eric@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\af3fadn2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.398:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\eric.ERIC\Application Data\Mozilla\Firefox\Profiles\vlhkjsa2.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\eric skeemer.ERICANDIRIS.000\Application Data\Mozilla\Firefox\Profiles\12o7zd4a.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

popcorn.net removal

Unread postby eskeemer » August 29th, 2006, 6:31 am

Hi,
Referring to your instructions, couldn't delete C:\documents and settings\eric skeemer etc, got message this file used to run windows cannot remove, also couldn't find file C:\program files\popcorn Terms.html.
When I started the ewido scan it ran for a while then froze. I couldn't boot the machine for some time but it eventually got sorted, so I started the scan again, this time ok. Hope this business didn't muck things up.
Thanks very much for your help and time.
Eric
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

Unread postby Navigator » August 29th, 2006, 7:51 pm

Hey Eric....good job. You are welcome...

Ewido found A LOT of stuff!

1. You can remove the files from the Ewido Quarantine:

Launch Ewido and click the Infections button.
  • Click the Quarantine tab
  • Choose: Select All
  • Click: Remove finally
  • A window pops up asking "Are you sure you want to remove the selected files...??"
  • Select: Yes

2. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... TlhGDtkZUD


Now close all windows other than HiJackThis, then click Fix Checked.

3. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


4. Post the contents of the ActiveScan report, a new HJT log and let me know how your computer is running...are you having any problems?
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

popcorn.net removal

Unread postby eskeemer » August 31st, 2006, 2:19 am

Logfile of HijackThis v1.99.1
Scan saved at 07:15, on 06-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Rollback\shdserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rollback\RollbackClnt.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Rollback\RollbackTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RDS\PLTBar.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Rollback] "C:\Program Files\Rollback\RollbackTray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Function Palette.lnk = C:\Program Files\RDS\PLTBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp ... atools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CCA857-4359-4D42-8C85-C72D1886EA80}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rollback Rx Client Service (RollbackClientService) - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe

computer OK now, thanks again.
Eric
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm
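A small triage parser for the HijackThis entry format shown in the log above, as an added example that is not part of the original thread or of HijackThis itself. The function names and the two review rules are assumptions chosen for illustration; the sample lines are an excerpt of the posted log.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Rollback] "C:\Program Files\Rollback\RollbackTray.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CCA857-4359-4D42-8C85-C72D1886EA80}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rollback Rx Client Service (RollbackClientService) - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
MISSING = " (file missing)"


def parse(log):
    """Return a list of (section_code, body) tuples, skipping non-entry lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_points(log):
    """Return (code, reason, body) hints; both patterns also occur on clean systems."""
    points = []
    for code, body in parse(log):
        if body.endswith(MISSING):
            points.append((code, "target file missing", body))
        svc = SERVICE.match(body) if code == "O23" else None
        if svc and svc.group("owner") == "Unknown owner":
            points.append((code, "no vendor name reported", body))
    return points


if __name__ == "__main__":
    for code, reason, body in review_points(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```

The hints only narrow down which lines to read by hand; they do not mark an entry as malicious.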

Post by Navigator » August 31st, 2006, 2:41 pm

Hello Eric...

You are welcome!

Your HJT appears clean and I'm glad your system is running well without problems!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • THIS IS IMPORTANT! - If you are using Windows XP then you should reset system restore to make sure there are no infected files found in a restore point and that you have a clean restore point should you need one!

    Now let's reset your restore points.

    Click Start Menu >> All Programs >> Accessories >> System Tools >> System Restore

    Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'.

    Next go to Start Menu >> Run, then type:

    cleanmgr


    Click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Cleanup' on the system restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. These are excellent reads too: I'm not pulling your leg and Malware: Preventing the Infection



Remember...be careful out there!
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

popcorn.net removal

Post by eskeemer » September 1st, 2006, 3:06 am

I am extremely grateful to you for spending so much time and helping me out of the mess I got into. I will certainly look at the articles and the tools you suggested. Thanks again.
Eric
eskeemer
Active Member
 
Posts: 7
Joined: August 27th, 2006, 1:18 pm

Post by Navigator » September 1st, 2006, 7:48 am

Glad to be of help...Good luck!
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by agrarianmonk » September 15th, 2006, 1:56 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am