Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Poler.101 and dinst.exe

Unread postby kjennis » October 21st, 2005, 6:40 pm

I've run Trojan Hunter. It found Poler.101 but said it cannot remove because a program was using it. I also found dinst.exe and am unable to remove with TrojanHunter or Spysweeper.

My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:40:14 PM, on 10/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1128043387\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128043387\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dxntous.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128043387\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [bwdchb] C:\WINDOWS\system32\dxntous.exe r
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ialmcoin] C:\WINDOWS\system32\ialmcoin.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [audiosrv] C:\WINDOWS\system32\audiosrv.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D} (CYBSnoop Control) - http://www.cybersitterhelp.com/snooper/ ... XSnoop.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/deltacvx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Please help!
kjennis
Active Member
 
Posts: 2
Joined: October 20th, 2005, 9:01 pm

Unread postby MaKaVeLi » October 21st, 2005, 6:58 pm

Hi kjennis,

Disable SpySweeper:

Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

Disable SpywareGuard:

Right click the running icon of Spywareguard, it will open the program.
Then go to Menu, file, exit.
Then confirm the program is closed.

Disable Microsoft AntiSpyware Real-time Protection:

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please download DSRFix. Extract the files to your Desktop. Don't run anything in the folder yet.

Please download Ewido Security Suite.

Run the installer.
When installing uncheck:
Install background guard
Install scan via context menu
Now open Ewido.
Update the definitions for Ewido.
Now close Ewido for right now.

Please download Ad-Aware SE Personal from this page. Install it and check for updates.

Now download the VX2 Cleaner from this page. Make sure Ad-Aware SE Personal is closed and install the VX2 Cleaner.

Run Ad-Aware SE Personal.
Click Add-Ons.
Double-click VX2 Cleaner.
Click Ok to Execute this tool.
If nothing is found click Ok and exit the program.

or

If malware is found click Clean System.
When it's done click Start in Ad-Aware SE Personal.
Make sure Perform smart system scan is checked.
Click Next.
Let it clean anything it finds.

Open the DSRFix folder on your Desktop. Double click dsrfix.bat to run the program. A DOS window should open and close quickly; this is normal. Once the fix has completed the tool will close on its own.

Now run HijackThis and put a check next to the following lines (if present):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [bwdchb] C:\WINDOWS\system32\dxntous.exe r
O4 - HKCU\..\Run: [ialmcoin] C:\WINDOWS\system32\ialmcoin.exe
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [audiosrv] C:\WINDOWS\system32\audiosrv.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab


Now make sure no programs or windows are open and click Fix checked.

Now delete the following files (if present):

C:\WINDOWS\Nail.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\dinst.exe
C:\WINDOWS\system32\dxntous.exe
C:\WINDOWS\system32\ialmcoin.exe
C:\WINDOWS\system32\MSAgentXP.exe
C:\WINDOWS\system32\audiosrv.exe


Now reboot.

Run Ewido.
Click on scanner. (Don't do anything on the computer while Ewido is running.)
Click Complete System Scan.
If you get a prompt asking to clean files then click OK.
When it cleans the first file put a check by Perform action on all infections and then choose clean and click OK.
Once the scan is done choose Save Report and save it to your desktop.
Close Ewido.

Run Ad-Aware SE Personal.
Click Start in Ad-Aware SE Personal.
Make sure Perform smart system scan is checked.
Click Next.
Let it clean anything it finds.

Now reboot and post a new HijackThis log along with the Ewido log.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA
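
The check that the reply above asks for ("put a check next to the following lines (if present)", then post a new log), as an added example that is not part of the original thread: it parses HijackThis entries, reports which fix-list lines a log still contains, and diffs a before and after log. The function names are assumptions of this example, and the three log excerpts are constructed from a few lines copied out of the logs in this thread.

```python
"""Check a HijackThis fix list against before/after logs (added example)."""
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # section code such as "F2", "O4", "O23"
    body: str  # everything after "CODE - "


# An entry is "<letter><1-2 digits> - <text>"; header lines and the
# "Running processes" paths do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")


def parse_entries(text):
    """Return every HijackThis entry line in the text, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and forum
    # copy/paste can change spacing, so compare on a normalised form.
    return (entry.code, " ".join(entry.body.split()).casefold())


def still_present(fix_list, log_text):
    """Entries from the fix list that the given log still contains."""
    in_log = {_key(e) for e in parse_entries(log_text)}
    return [e for e in parse_entries(fix_list) if _key(e) in in_log]


def diff_logs(before, after):
    """Return (removed, added) entries between two logs."""
    b = {_key(e): e for e in parse_entries(before)}
    a = {_key(e): e for e in parse_entries(after)}
    removed = [e for k, e in b.items() if k not in a]
    added = [e for k, e in a.items() if k not in b]
    return removed, added


def autoruns(log_text):
    """(hive, value name, command) for each O4 registry Run entry."""
    found = []
    for e in parse_entries(log_text):
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m:
            found.append((m.group(1), m.group(3), m.group(4)))
    return found


# Constructed excerpts: a few lines copied from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\dxntous.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [bwdchb] C:\WINDOWS\system32\dxntous.exe r
O4 - HKCU\..\Run: [ialmcoin] C:\WINDOWS\system32\ialmcoin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [bwdchb] C:\WINDOWS\system32\dxntous.exe r
O4 - HKCU\..\Run: [ialmcoin] C:\WINDOWS\system32\ialmcoin.exe
"""

if __name__ == "__main__":
    print("to check before fixing:", len(still_present(FIX_LIST, BEFORE)))
    print("still present after fixing:", still_present(FIX_LIST, AFTER))
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        print("new:    ", e.code, "-", e.body)
```

An empty result from `still_present` on the follow-up log only shows the registry entries are gone; the files named in the delete list still have to be checked on disk.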

New Logs

Unread postby kjennis » October 22nd, 2005, 12:16 am

Thank you so much for the instructions! I have done everything and will post the Hijack This and Ewido logs. I have Zone Alarm for a firewall. What is the best software to help keep all of this spyware off of the computer? The kids use Instant Messenger and iTunes. I appreciate all of your help and expertise!

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:12:07 AM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1128043387\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128043387\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128043387\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {9C3E8350-5873-4D8E-A1D4-DCB9E885E86D} (CYBSnoop Control) - http://www.cybersitterhelp.com/snooper/ ... XSnoop.ocx
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/deltacvx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:57:39 PM, 10/21/2005
+ Report-Checksum: 9B583B1D

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95}\TypeLib\\ -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848}\TypeLib\\ -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E82431BF-E8A2-45CA-8361-E5517588CDA1}\TypeLib\\ -> Spyware.RelatedLinks : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-3627264205-4118304944-2170005720-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-3627264205-4118304944-2170005720-1006\Software\Mvu -> Spyware.Delfin : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\qev59s3m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup


::Report End
kjennis
Active Member
 
Posts: 2
Joined: October 20th, 2005, 9:01 pm

Post by MaKaVeLi » October 22nd, 2005, 10:19 am

Hi kjennis,

It looks like you are now all clean. Here are some programs and things I recommend you do to prevent further infections.

1. Remember to always update your system. Visit http://www.windowsupdate.com/ to download the latest updates for your system.

2. Reset System Restore to remove all infected restore points.

    Turn off System Restore:
        On the Desktop, right-click My Computer.
        Click Properties.
        Click the System Restore tab.
        Check Turn off System Restore.
        Click Apply and then click OK.
    Reboot.
    Turn on System Restore:
        On the Desktop, right-click My Computer.
        Click Properties.
        Click the System Restore tab.
        Uncheck Turn off System Restore.
        Click Apply and then click OK.


3. Download Ad-Aware and Spybot and run them regularly to scan for spyware that you might have on your computer.

4. Download SpywareBlaster and SpywareGuard to prevent further infections.

5. Remember to always use an Anti-Virus program. I recommend Kaspersky.

6. Always use a firewall. The Windows firewall is good but Outpost Pro is better. See this page for more info.

7. Download a HOSTS file to prevent you from visiting sites that might infect you with spyware again. I recommend Bluetack's HOSTS file.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Post by NonSuch » October 28th, 2005, 3:27 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California