MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet search redirect

Post by tsto72 » September 27th, 2006, 2:45 pm

Whenever I click on the results from a Yahoo search, my I/E redirects me to several other sites.

Below is my log. I appreciate any help you can provide, as this is my work computer & this is really affecting my work.

Thanks,
Tim

Logfile of HijackThis v1.98.2
Scan saved at 3:02:04 PM, on 9/27/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DB29397-DBF6-5DC8-5E4E-65184A8F30C0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/c ... /at1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370611906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370575093
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E5380CCB-BEC4-4995-83C5-C16FA62E8C7E} - http://www.streamerp2p.com/install.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm

Post by Trogan » September 27th, 2006, 3:26 pm

Hi tsto72, welcome to Malware Removal!

You have an older version of HijackThis. Please delete the one you have now and download the latest version (1.99.1) by doing the following:

Click here to download HJTsetup.exe. Save it to your Desktop!
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Once you have downloaded HijackThis 1.99.1, I would like to see another log from it.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button. It will open a Notepad file.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.

Please post the requested logs back here. :)
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » September 27th, 2006, 3:43 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:54:14 PM, on 9/27/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DB29397-DBF6-5DC8-5E4E-65184A8F30C0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/c ... /at1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370611906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370575093
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E5380CCB-BEC4-4995-83C5-C16FA62E8C7E} - http://www.streamerp2p.com/install.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
ASUS Probe V2.22.00
AutoCAD R14.0
AutoVue SolidModel Pro, Desktop Edition
Avery® Wizard 2.1 forMicrosoft® Word 2000
Avira AntiVir PersonalEdition Classic
Cool MP3 Splitter
DivX 5.0.2 Pro Bundle
DivX Player
DWGgateway
eMule
Hijackthis 1.99.1
HijackThis 1.99.1
hp deskjet 5600
hp deskjet 940c series
hp deskjet 940c series (Remove only)
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Precisionscan Pro 3.1
hp print screen utility
HP Share-to-Web
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft Office 2000 Professional
Microsoft VGX Q833989
ModelPress Publisher 4.4
Nero - Burning Rom (Web installer)
NVIDIA Windows 2000/XP Display Drivers
NVIDIA Windows 2000/XP nForce Drivers
QuickTime
RealDownload Plus
RealPlayer
Streamer (remove only)
Terminal Services Client
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.7.2
Viewpoint Manager (Remove Only)
VuePrint
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB901214
Windows AdTools
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinMX
WinZip
XviD MPEG-4 Codec
XviD MPEG-4 Video Codec
Yahoo! Address AutoComplete
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm

Post by Trogan » September 27th, 2006, 4:07 pm

Thanks for the logs. Can you do the following please...

First, I don't see any indication of a Firewall in your HijackThis log. This may be because:

(1.) You are using Windows Firewall or a hardware Firewall.
(2.) You are using a Firewall of an unknown vendor.
(3.) You are using a Firewall, but it is disabled for unknown reasons
(4.) You don't use any firewall at all.

In the case you don't have a Firewall, please download one from the list below - They are Free!

Zone Alarm << I recommend this
Sunbelt Kerio PF
Outpost Firewall

=====

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

LiveReg (Symantec Corporation) <-- This belongs to Norton/Symantec which you do not have anymore. It can go!
LiveUpdate 2.5 (Symantec Corporation) <-- This belongs to Norton/Symantec which you do not have anymore. It can go!
Viewpoint Manager (Remove Only)
Windows AdTools


=====

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0DB29397-DBF6-5DC8-5E4E-65184A8F30C0} - (no file)

O16 - DPF: {E5380CCB-BEC4-4995-83C5-C16FA62E8C7E} - http://www.streamerp2p.com/install.cab


- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
- Close HijackThis

=====

Please do an online scan with Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » September 29th, 2006, 12:46 pm

I had an issue trying to run the Panda scan. When the window popped up to ask to allow ActiveX to download I hit yes, to which it started to download. My AntiVir alerted me to a possible virus as I was downloading, which I suspected was from the download. Unfortunately I clicked access deny prior to seeing what the actual issue or virus was. Now I get this message from Panda after it completes. I have also restarted my computer & still get the same. Only option I have is turning off my virus protection, which I'm VERY hesitant to do.

Error on downloading ActiveScan
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...


Also I believe our firewall is maintained at our server which is located in another facility.


Logfile of HijackThis v1.99.1
Scan saved at 12:54:35 PM, on 9/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/c ... /at1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/c ... /st2_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370611906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370575093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm
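The check that the fix list in the September 27th reply and the follow-up log above amount to, as an added example that is not part of the original thread: parse HijackThis entry lines, pick out the kinds of entries the helper selected for fixing, and confirm against the later log that they are gone. The log lines are excerpted from the logs posted in this thread; the function names and the `TRUSTED_SUFFIXES` allowlist are assumptions made for the example.

```python
import re

# HijackThis entry lines look like "R0 - ...", "O2 - ...", "O16 - ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")

# Assumption: an analyst-maintained allowlist of O16 download sources.
TRUSTED_SUFFIXES = ("yahoo.com", "yimg.com", "microsoft.com", "akamai.net",
                    "pandasoftware.com")  # the scanner the helper asked for

# Excerpt of the 1.99.1 log posted before the fix (" ... " elisions are the forum's).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0DB29397-DBF6-5DC8-5E4E-65184A8F30C0} - (no file)
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370611906
O16 - DPF: {E5380CCB-BEC4-4995-83C5-C16FA62E8C7E} - http://www.streamerp2p.com/install.cab
"""

# Excerpt of the log posted after "Fix Checked" and the Panda attempt.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt3_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4370611906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
"""


def parse_entries(log_text):
    """Return [(code, text)] for every HijackThis entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_reason(code, text):
    """Return why an entry deserves a second look, or None."""
    if code in ("R0", "R1"):
        value = text.partition("=")[2].strip()
        if value in ("", "about:blank"):
            return "IE page setting is empty or about:blank"
    elif code == "R3" and "missing" in text.lower():
        return "default URLSearchHook is missing"
    elif code == "O2" and text.endswith("(no file)"):
        return "BHO registered with no file on disk"
    elif code == "O16":
        m = URL_HOST_RE.search(text)
        host = m.group(1).lower() if m else ""
        if not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
            return "ActiveX download source not on allowlist: " + (host or "none")
    return None


def triage(entries):
    """Return [(code, text, reason)] for entries that match a review rule."""
    flagged = []
    for code, text in entries:
        reason = review_reason(code, text)
        if reason:
            flagged.append((code, text, reason))
    return flagged


def compare(before_text, after_text):
    """Return (removed, added) entry lists between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def unresolved(before_text, after_text):
    """Entries flagged in the first log that are still present in the second."""
    after = set(parse_entries(after_text))
    return [f for f in triage(parse_entries(before_text)) if (f[0], f[1]) in after]


if __name__ == "__main__":
    for code, text, reason in triage(parse_entries(BEFORE)):
        print(f"review {code}: {reason}\n    {text}")
    removed, added = compare(BEFORE, AFTER)
    print(f"{len(removed)} entries removed, {len(added)} added")
    print("still present after fix:", unresolved(BEFORE, AFTER))
```
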

Post by Trogan » September 29th, 2006, 1:05 pm

Hi tsto72! Don't worry about running Panda right now. Your log is clean, but let's run a few scans to make sure nothing is hiding.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

=====

You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
=====Reboot back into Normal Mode=====

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

=====

Please post the Ewido log, along with the Kaspersky log and let me know how things are.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » September 29th, 2006, 1:19 pm

I downloaded & started ATF Cleaner. I was able to put a check mark next to everything except Prefetch, as it says this has been disabled & will not allow me to place a check mark. I ran the program & received an error that ATF has generated errors & will be closed by Windows. I then ran each item separately. When I got to All Users Temp that is when I got the error. Should I continue with the remaining instructions from your post or do we need to figure a way to clear the All Users Temp?
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm

Post by Trogan » September 29th, 2006, 1:24 pm

I should have asked this first. Do you have Admin rights, since this is a work computer?

It is important that you have Admin rights in order to complete the instructions outlined.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » September 29th, 2006, 1:32 pm

Yes I have admin rights on this computer, double checked in the user area to make sure.
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm

Post by Trogan » September 29th, 2006, 1:35 pm

That's good! :)

Leave ATF Cleaner, and carry on with the rest. Let me know if you have any problems.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » September 29th, 2006, 3:17 pm

Downloaded & installed Ewido, changed state next to resident shield to show inactive, updated, exited & rebooted in safe mode. After safe mode started up I had no toolbar options so I started Ewido by its desktop icon. After a long pause the following error came up

"something bad has happened in the application. Error in diagnostics saved to c:\program\ewido anti-spyware 4.01 ewido.err"

I then rebooted again in safe mode & tried again only to receive the same error. From here I figured there must have been an issue with the initial download so I uninstalled Ewido & redownloaded it. Now I do not have the option for resident shield or automatic updates; they are both grayed out with an I n/a next to them.
tsto72
Regular Member
 
Posts: 19
Joined: September 26th, 2006, 3:40 pm

Post by Trogan » September 29th, 2006, 3:23 pm

OK...update it following the instructions, and try running a scan in Normal Mode.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by tsto72 » October 2nd, 2006, 11:12 am

Sorry for the delay. I ran the Ewido scan in normal mode & it appeared to find several issues before the same "something bad error" appeared. I then began to scan registry, memory & fast individually, to which it came up with several errors, Downloader.Agent.uj (high risk) appearing every time. I was unable to quarantine this so this appears to be the problem. Is this because I cannot run the program in safe mode?

Fast Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:02:36 AM 10/2/2006

+ Scan result:



[1172] VM_00840000 -> Downloader.Agent.uj : No action taken.
[1184] VM_007D0000 -> Downloader.Agent.uj : No action taken.
[1220] VM_007C0000 -> Downloader.Agent.uj : No action taken.
[1232] VM_00D70000 -> Downloader.Agent.uj : No action taken.
[124] VM_007F0000 -> Downloader.Agent.uj : No action taken.
[1252] VM_00C10000 -> Downloader.Agent.uj : No action taken.
[1284] VM_00300000 -> Downloader.Agent.uj : No action taken.
[1308] VM_007C0000 -> Downloader.Agent.uj : No action taken.
[1492] VM_00BF0000 -> Downloader.Agent.uj : No action taken.
[172] VM_00B40000 -> Downloader.Agent.uj : No action taken.
[192] VM_009C0000 -> Downloader.Agent.uj : No action taken.
[592] VM_007C0000 -> Downloader.Agent.uj : No action taken.


::Report end

Memory Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:55:58 AM 10/2/2006

+ Scan result:



[1172] VM_00840000 -> Downloader.Agent.uj : No action taken.
[1184] VM_007D0000 -> Downloader.Agent.uj : No action taken.
[1220] VM_007C0000 -> Downloader.Agent.uj : No action taken.
[1232] VM_00D70000 -> Downloader.Agent.uj : No action taken.
[124] VM_007F0000 -> Downloader.Agent.uj : No action taken.
[1252] VM_00C10000 -> Downloader.Agent.uj : No action taken.
[1284] VM_00300000 -> Downloader.Agent.uj : No action taken.
[1308] VM_007C0000 -> Downloader.Agent.uj : No action taken.
[1492] VM_00BF0000 -> Downloader.Agent.uj : No action taken.
[172] VM_00B40000 -> Downloader.Agent.uj : No action taken.
[192] VM_009C0000 -> Downloader.Agent.uj : No action taken.
[592] VM_007C0000 -> Downloader.Agent.uj : No action taken.


::Report end

Registry Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:54:00 AM 10/2/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{D9F1ED10-B3DA-B8A9-67B7-86AA485C18AF} -> Adware.CoolWebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.


::Report end

Unread post by Trogan » October 2nd, 2006, 2:29 pm

You didn't set Ewido to Quarantine the infections it found. Could you follow the Ewido instructions again, and run another scan please?

I would like to see the log from Kaspersky once you have scanned with it. :)

Unread post by tsto72 » October 5th, 2006, 1:19 pm

Reran the ewido scan again; I couldn't run in safe mode or run the full scan. 1st scanned using fast (log attached), 2nd scanned registry (found nothing), 3rd scanned memory (log attached). I then without restarting updated & ran Kaspersky online scanner. I received the same error every time I tried it: "microsoft IE has encountered an error & needs to be closed". This error appeared to occur every time it began scanning C:\documents & setting\admin...\local...\temp\. I then rebooted & tried again with the same error. I then tried using disk cleanup in windows explorer only to receive another error: "cleanmgr.exe has generated errors & will be closed by windows. You will need to restart the program. An error log is being created"


Fast Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:20:32 PM 10/5/2006

+ Scan result:



[1028] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.
[1044] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1196] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1224] VM_007F0000 -> Downloader.Agent.uj : Error during cleaning.
[1240] VM_007D0000 -> Downloader.Agent.uj : Error during cleaning.
[1268] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning.
[1284] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning.
[1320] VM_00300000 -> Downloader.Agent.uj : Error during cleaning.
[1364] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1468] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning.
[172] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning.
[192] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.


::Report end


Memory Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:23:20 PM 10/5/2006

+ Scan result:



[1028] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.
[1044] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1196] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1224] VM_007F0000 -> Downloader.Agent.uj : Error during cleaning.
[1240] VM_007D0000 -> Downloader.Agent.uj : Error during cleaning.
[1268] VM_00D70000 -> Downloader.Agent.uj : Error during cleaning.
[1284] VM_00C10000 -> Downloader.Agent.uj : Error during cleaning.
[1320] VM_00300000 -> Downloader.Agent.uj : Error during cleaning.
[1364] VM_007C0000 -> Downloader.Agent.uj : Error during cleaning.
[1468] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning.
[172] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning.
[192] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.


::Report end