mssearchnet.exe Help, I don't know much! [RESOLVED]


  • This topic is locked

#1
Kosti

  • Member
  • 30 posts
Hello, my name is Peter and this is the first time I've ever used this site. My computer skills are very average so I'm hoping to get some help from some more knowledgeable people. I've gotten to the point where I've figured out that the program telling me that I have a Virus Alert and the program that's changed my homepage to some virus software site is mssearchnet.exe. I've gone through some of the posts about this but had trouble with understanding exactly what to do, and some posts had different info than others, so I thought I'd post my problem and hope someone can help me. I've gone and downloaded the hijackthis software, as this seems to be what everyone wants to see, and I copied what it produced below. Any help in this matter would be greatly appreciated. There are some things I've tried to delete from my c drive but it says they're in use, so then I look in the task manager and try to "end process" but they just pop back up. If there's anything else wrong with my computer that I can fix please let me know about that too, as I said I don't have much computer experience so I'm not sure what is supposed to be there.

Thank you so much

Logfile of HijackThis v1.99.1
Scan saved at 4:42:37 AM, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vbub\Ieui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\vndur9e5\vndur9e5.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\hsjdft.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\vndur9e5\3033150.exe
C:\Program Files\vndur9e5\vndur9e5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kosti\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4B8E-8FC0-3E3A8DD296B2} - C:\Program Files\vndur9e5\vndur9e5.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [-
] C:\WINDOWS\bevomqc.exe
O4 - HKLM\..\Run: [Nsxsko] C:\Program Files\Vbub\Ieui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hkjlvz] c:\windows\system32\hkjlvz.exe
O4 - HKLM\..\Run: [nepywka] c:\windows\system32\pejajrh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [vndur9e5] C:\Program Files\vndur9e5\vndur9e5.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [xrytqtr] C:\WINDOWS\system32\hsjdft.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive.../cab/MyFm01.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {8C6C6922-6258-44AC-9912-53964AC55272} (xload Class) - http://217.160.140.6...ad/xloader8.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://www.elokwentn...com/modelki.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
O16 - DPF: {D94B2F87-CE31-11D5-9F7A-0090F50400FE} (NP5Sample.docBookNP5) - file://E:\content\bwnp5s.CAB
O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (ActiveX Control) - http://www.eroticbil.../ActiveX/ax.ocx
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O16 - DPF: {F4BDA33C-7C59-11D5-9F7A-0090F50400FE} (Project1.checkfiles) - file://E:\checkfiles.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Edited by Kosti, 06 April 2006 - 02:51 AM.

  • 0


#2
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Peter and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have a badly infected PC with many different infections. Let’s see what we can do with the next few sweeps.

I note that you are running HijackThis from Temporary Folder; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else since backup files can be deleted if they are not within their own folder!

Click My Computer, then C:\ and then Program Files.
In the menu bar, go to File>New>Folder. That will create a folder named New Folder, which you can right-click on and rename to HJT or HijackThis. Now you have C:\Program Files\HijackThis. Cut ‘n’ Paste your HijackThis.exe into it.

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Please download : CWShredder and cwsserviceemove.reg file

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Download roguescanfix.exe, and save it to your desktop.
Double click roguescanfix.exe to install it.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right-click on the Panda ActiveScan link and select "Copy Shortcut", then right-click on your desktop and select "Paste Shortcut"; or in Firefox, right-click the link, select "Save Link As" and save it to your desktop).

Please download, install, and update the free version of Ewido Security Suite:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Exit Ewido. DO NOT run a scan yet.
Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, and let it fix everything it asks about.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4B8E-8FC0-3E3A8DD296B2} - C:\Program Files\vndur9e5\vndur9e5.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\bevomqc.exe
O4 - HKLM\..\Run: [Nsxsko] C:\Program Files\Vbub\Ieui.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [hkjlvz] c:\windows\system32\hkjlvz.exe
O4 - HKLM\..\Run: [nepywka] c:\windows\system32\pejajrh.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [vndur9e5] C:\Program Files\vndur9e5\vndur9e5.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [xrytqtr] C:\WINDOWS\system32\hsjdft.exe r
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive.../cab/MyFm01.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c282.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {8C6C6922-6258-44AC-9912-53964AC55272} (xload Class) - http://217.160.140.6...ad/xloader8.cab
O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://www.elokwentn...com/modelki.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
O16 - DPF: {D94B2F87-CE31-11D5-9F7A-0090F50400FE} (NP5Sample.docBookNP5) - file://E:\content\bwnp5s.CAB
O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (ActiveX Control) - http://www.eroticbil.../ActiveX/ax.ocx
O16 - DPF: {F4BDA33C-7C59-11D5-9F7A-0090F50400FE} (Project1.checkfiles) - file://E:\checkfiles.CAB


Click on Fix Checked when finished and exit HijackThis.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

Restart your computer in normal mode.

Open the roguescanfix folder, and double-click run.bat.
Your desktop and icons will disappear and then reappear again; this is normal.
Wait till the message "Completed script execution" appears, then click OK.
Click "Exit" to close BFU.

Next:

Go to the online scan, click the Panda ActiveScan shortcut.

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Finally, restart your computer once more, and please post a new HijackThis log (normal mode), log from the Ewido scan, log from the smitRem tool, which will be located at C:\smitfiles.txt and finally the Pandascan log.
  • 0

#3
Kosti

  • Topic Starter
  • Member
  • 30 posts
First of all I would like to say thank you VERY much for the help on this, I can already see a difference. It took me 3 hours to do this, but I followed the instructions word for word (they were amazing instructions) and now I'm finished. I am running 2 other users on the comp, but they haven't been used in over a year (just haven't deleted them yet...on one I had similar problems so I just opened another account and haven't deleted the old one because I was afraid I might lose some files or something). I never knew how much crap was on my computer...the final panda scan revealed over 220 spyware things...WOW...I'll post the information you requested below, but I just wanted to write a couple things that I found different with my computer upon start up now. When the computer comes on, and it's going through its normal opening process, I get an error text box that reads...in the blue bar at the top it says "RUNDLL" then in the box it has a red circle with a white X in it, and beside that it says "Error loading stlb2.dll"...and under that it says "The specified module could not be found". This never popped up before my problem...also...I get two Notepad things that open up and they are identical. In the blue title bar it says "desktop - Notepad" then in the body it says

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Also, MSN Messenger automatically pops up on logging in and it never did that before either. Alright...so here's the info
--------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:33:16 PM, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)

Edited by Kosti, 06 April 2006 - 10:43 AM.

  • 0
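
An added example (not part of the thread, and not code from HijackThis or ewido): a Python cross-check of the post-cleanup HijackThis log against the ewido report posted in this thread, listing autorun entries that still point at a file the scanner removed, such as the stlb2.dll Run value behind the RUNDLL error described above. The sample lines are copied from the two logs; the function names are hypothetical, and matching is by file name only because rundll32 Run entries carry no path.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the post-cleanup HijackThis log
# and from the ewido report in this thread (not the full logs).
HJT_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
"""

EWIDO_REPORT = r"""
[628] C:\WINDOWS\sa22.dll -> Downloader.Small.byd : Error during cleaning
C:\WINDOWS\system32\stlb2.dll -> Downloader.Braidupdate.d : Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> Downloader.Braidupdate.d : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
"""

EWIDO_LINE = re.compile(r"^(?:\[\d+\] )?(.+?) -> (\S+) : (.+)$")
RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
SERVICE_LINE = re.compile(r"^O23 - Service: (.+?) - .* - (.+)$")
# Program at the start of a command line: quoted, or unquoted up to the
# first executable extension (unquoted paths may contain spaces).
PROGRAM = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr))(?=\s|$)', re.I)


def parse_ewido(report):
    """Map lower-cased file name -> (full path, detection, status)."""
    found = {}
    for line in report.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if m:
            path, detection, status = m.groups()
            found[ntpath.basename(path).lower()] = (path, detection, status)
    return found


def autorun_target(line):
    """Return (entry label, file name the entry loads at startup) or None."""
    line = line.strip()
    m = RUN_LINE.match(line)
    if m:
        label, command = f"{m.group(1)} Run [{m.group(2)}]", m.group(3)
    else:
        m = SERVICE_LINE.match(line)
        if not m:
            return None
        label = f"Service {m.group(1)}"
        command = m.group(2).replace("(file missing)", "").strip()
    p = PROGRAM.match(command)
    if not p:
        return None
    program = p.group(1) or p.group(2)
    if ntpath.basename(program).lower() == "rundll32.exe":
        # "rundll32.exe <dll>,<export>": the DLL is what gets loaded.
        dll = command[p.end():].split(",", 1)[0].strip().strip('"')
        if not dll:
            return None
        if not ntpath.splitext(dll)[1]:
            dll += ".dll"  # assumption: a bare module name gets the default .dll extension
        program = dll
    return label, ntpath.basename(program).lower()


def orphaned_autoruns(hjt_log, ewido_report):
    """Autorun entries whose target file the scanner reports it handled."""
    cleaned = parse_ewido(ewido_report)
    hits = []
    for line in hjt_log.splitlines():
        target = autorun_target(line)
        if target and target[1] in cleaned:
            path, detection, status = cleaned[target[1]]
            hits.append((target[0], path, detection, status))
    return hits


def failed_cleanups(ewido_report):
    """Paths whose status is anything other than 'Cleaned ...'."""
    return [path for path, _, status in parse_ewido(ewido_report).values()
            if not status.startswith("Cleaned")]


if __name__ == "__main__":
    for label, path, detection, status in orphaned_autoruns(HJT_LOG, EWIDO_REPORT):
        print(f"{label}: {path} ({detection}, {status})")
    for path in failed_cleanups(EWIDO_REPORT):
        print(f"not cleaned: {path}")
```
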

#4
Kosti

  • Topic Starter
  • Member
  • 30 posts
--------------------------------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:01:09 AM, 06/04/2006
+ Report-Checksum: 4FFC269E

+ Scan result:

[628] C:\WINDOWS\sa22.dll -> Downloader.Small.byd : Error during cleaning
[1460] C:\WINDOWS\system32\kidhln.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\pjswdrm.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\mswpri.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\dfrgsrv.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\1ott01f5.exe -> Adware.Sahat : Cleaned with backup
C:\WINDOWS\system32\stickrep.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\omniband.dll -> Adware.BlazeFind : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\c17b6s.dll -> Dropper.Small.abe : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll_tobedeleted -> Trojan.Agent.db : Cleaned with backup
C:\WINDOWS\system32\wsaupdater.exe -> Adware.BlazeFind : Cleaned with backup
C:\WINDOWS\system32\setup_incred_10.exe -> Downloader.Keenval : Cleaned with backup
C:\WINDOWS\system32\sahagent1019.exe -> Adware.Sahat : Cleaned with backup
C:\WINDOWS\system32\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@lop[3].txt -> TrackingCookie.Lop : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@incredifind[2].txt -> TrackingCookie.Incredifind : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@abetterinternet[3].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Mom\Cookies\mom@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Grandonline : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@grandonline[2].txt -> TrackingCookie.Grandonline : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@roispy[1].txt -> TrackingCookie.Roispy : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@findwhat[1].txt ->
CONTINUED ON NEXT POST!!!

Edited by Kosti, 06 April 2006 - 10:46 AM.

#5
Kosti

TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@bestoffersnetworks[4].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@adrevolver[7].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@xxxcounter[3].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@trafficmp[3].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@questionmarket[4].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][4].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@com[3].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Counted : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@abetterinternet[3].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][4].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@bluestreak[4].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@zedo[3].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@paycounter[3].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@2o7[4].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kosti\Cookies\kosti@247realmedia[3].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Program Files\Common Files\muqo\muqoa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\muqo\muqol.exe -> Downloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\muqo\muqom.exe -> Downloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\muqo\muqop.exe -> Adware.Xupiter : Cleaned with backup
C:\Program Files\Vbub\Ieui.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\vndur9e5\vndur9e5.exe -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\vndur9e5\vndur9e51\vndur9e51.dll -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\vndur9e5\vndur9e51\vndur9e51.exe -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\SpywareQuake -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\SpywareQuake.exe -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\msvcr71.dll -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\msvcp71.dll -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\blacklist.txt -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\ref.dat -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\Lang -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\Lang\English.ini -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\Logs -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\Quarantine -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\SpywareQuake.url -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\uninst.exe -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\sq.ini -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\SpywareQuake\ignored.lst -> Adware.SpywareQuake : Cleaned with backup
C:\Program Files\Hijackthis\backups\backup-20060406-095805-515.dll -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\Hijackthis\backups\backup-20060406-095805-755.dll -> Adware.ImiBar : Cleaned with backup
C:\Program Files\Hijackthis\backups\backup-20060406-095805-978.dll -> Adware.ActivShopper : Cleaned with backup
C:\Program Files\Hijackthis\backups\backup-20060406-095806-307.dll -> Downloader.Xatl.a : Cleaned with backup
C:\Program Files\WindowsSA\omniscient.exe -> Adware.BlazeFind : Cleaned with backup
C:\Program Files\WindowsSA\omniscienthook.dll -> Adware.BlazeFind : Cleaned with backup
C:\Program Files\DR_S\DR_S.exe -> Downloader.Small.hs : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1013\A0113942.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1013\A0113945.exe -> Trojan.Stervis.e : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1013\A0113946.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1013\A0113947.exe -> Adware.Bestofer : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1002\A0113806.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1020\A0114044.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1020\A0114050.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114983.DLL -> Adware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114984.dll -> Adware.ImiBar : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114986.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114988.DLL -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114989.dll -> Hijacker.Delf.r : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114991.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114992.dll -> Adware.ReSearch : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114993.DLL -> Adware.SearchIt : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0114994.dll -> Adware.ActivShopper : Cleaned with backup
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1026\A0115007.tlb -> Downloader.Zlob.ke : Cleaned with backup


::Report End
-----------------------------------------------------

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 06/04/2006
The current time is: 10:02:02.12

Running from
C:\Documents and Settings\Kosti\Desktop\Smitrem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}"=""
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}\InProcServer32]
@="C:\WINDOWS\sa22.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\system32\stickrep.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1196 'explorer.exe'
Killing PID 1196 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}"=""
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}\InProcServer32]
@="C:\WINDOWS\sa22.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\system32\stickrep.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :whistling:
------------------------------------------------------------------------------------

#6
Kosti

Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Adware:adware program Not disinfected C:\WINDOWS\system32\data.~
Virus:Trj/Agent.APG Disinfected C:\WINDOWS\system32\pri_32.dll
Virus:Trj/Agent.APG Disinfected C:\WINDOWS\system32\pri_32.exe
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\system32\okshook.dll
Adware:adware/powersearch Not disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\payload.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/StripPlayer Not disinfected C:\WINDOWS\inf\strip-player.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi419.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi.inf
Spyware:spyware/bridge Not disinfected C:\WINDOWS\Downloaded Program Files\bridge.inf
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\eroskop.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\wejscie.exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\Downloaded Program Files\245-1085-ax.exe
Adware:adware/ncase Not disinfected C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\turbo.inf
Adware:adware/mpgcom Not disinfected C:\WINDOWS\mpgcom.dll
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Key2.txt
Dialer:dialer.pk Not disinfected C:\WINDOWS\EPlugin.ocx
Adware:adware/gator Not disinfected C:\WINDOWS\GatorHDPlugin.log-old.log
Adware:adware/blazefind Not disinfected C:\WINDOWS\System32omniprivacy.khtml
Adware:Adware/Searchforit Not disinfected C:\WINDOWS\SYSsfit.exe
Adware:adware/ipinsight Not disinfected C:\WINDOWS\farmmext.ini
Virus:Trj/Downloader.GKL Disinfected C:\WINDOWS\samicro.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\exact.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\exactinstaller.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\rect wma body flag\TITLE BIN.bk!
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\rect wma body flag\OBJ BAIT.bk!
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\rect wma body flag\DashPoll.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Rem54.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cec6c2ac.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\staC.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\RemBE.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Rem2C.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Rem29.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cec6e365.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\staA.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\125936.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\hinbdfvw.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\pwwsclej.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cfabd9d6.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\cccc5dfd.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\sta55.exe
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@offeroptimizer[1].txt
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Inside Program.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\e1b07.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\wjukrfwu.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\sfyqheka.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\3c8714.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\a13b446.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI632A.tmp\ceres.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.ini
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\krwweafm.exe
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\client.cfg
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-2913c6b5.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-2913c6b5.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-2913c6b5.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-1f5b6b54-2913c6b5.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-27f73bdf.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-27f73bdf.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-27f73bdf.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-27f73bdf.zip[Installer.class]
Adware:Adware/HuntBar Not disinfected C:\Documents and Settings\Mom\Local Settings\Temp\msiein\CAB37684.9004508333\msielink.dll
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\O3RN6CTP\newpass2[1].htm
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl]

#7
Crustyoldbloke

Hello Peter

I have decided to take the lazy man's way, and then I'll take a look for a LOP infection.

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy ALL THE TEXT contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\sa22.dll
C:\WINDOWS\system32\cd_clint.dll
C:\WINDOWS\system32\data.~
C:\WINDOWS\system32\okshook.dll
C:\WINDOWS\system32\stlb2.xml
C:\WINDOWS\inf\payload.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\strip-player.inf
C:\WINDOWS\inf\bi419.inf
C:\WINDOWS\inf\bi.inf
C:\WINDOWS\Downloaded Program Files\bridge.inf
C:\WINDOWS\Downloaded Program Files\eroskop.exe
C:\WINDOWS\Downloaded Program Files\wejscie.exe
C:\WINDOWS\Downloaded Program Files\245-1085-ax.exe
C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll
C:\WINDOWS\Downloaded Program Files\turbo.inf
C:\WINDOWS\mpgcom.dll
C:\WINDOWS\Key2.txt
C:\WINDOWS\EPlugin.ocx
C:\WINDOWS\GatorHDPlugin.log-old.log
C:\WINDOWS\System32omniprivacy.khtml
C:\WINDOWS\SYSsfit.exe
C:\WINDOWS\farmmext.ini
C:\WINDOWS\exact.exe
C:\WINDOWS\exactinstaller.exe
C:\WINDOWS\kwv2.dat
C:\Documents and Settings\All Users\Application Data\rect wma body flag\TITLE BIN.bk!
C:\Documents and Settings\All Users\Application Data\rect wma body flag\OBJ BAIT.bk!
C:\Documents and Settings\All Users\Application Data\rect wma body flag\DashPoll.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Rem54.exe
C:\Documents and Settings\Owner\Local Settings\Temp\cec6c2ac.exe
C:\Documents and Settings\Owner\Local Settings\Temp\staC.exe
C:\Documents and Settings\Owner\Local Settings\Temp\RemBE.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Rem2C.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Rem29.exe
C:\Documents and Settings\Owner\Local Settings\Temp\cec6e365.exe
C:\Documents and Settings\Owner\Local Settings\Temp\staA.exe
C:\Documents and Settings\Owner\Local Settings\Temp\125936.exe
C:\Documents and Settings\Owner\Local Settings\Temp\hinbdfvw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\pwwsclej.exe
C:\Documents and Settings\Owner\Local Settings\Temp\cfabd9d6.exe
C:\Documents and Settings\Owner\Local Settings\Temp\cccc5dfd.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sta55.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_
C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]
C:\Documents and Settings\Owner\Local Settings\Temp\Inside Program.exe
C:\Documents and Settings\Owner\Local Settings\Temp\e1b07.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wjukrfwu.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sfyqheka.exe
C:\Documents and Settings\Owner\Local Settings\Temp\3c8714.exe
C:\Documents and Settings\Owner\Local Settings\Temp\a13b446.exe
C:\Documents and Settings\Owner\Local Settings\Temp\THI632A.tmp\ceres.inf
C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.inf
C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.ini
C:\Documents and Settings\Owner\Local Settings\Temp\krwweafm.exe
C:\Documents and Settings\Owner\Local Settings\Temp\client.cfg
C:\Documents and Settings\Mom\Local Settings\Temp\msiein\CAB37684.9004508333\msielink.dll
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\O3RN6CTP\newpass2[1].htm
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl]


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger programme by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • Upon reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy & paste the content of c:\avenger.txt into your reply along with a fresh HJT log from normal mode, by using Add Reply
  • 0

#8
Kosti

    Member

  • Topic Starter
  • 30 posts
thanks...I'm just off to school so I will be doing it later on tonight, and I'll post back later tonight.
  • 0

#9
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
No problem, but I am a golf fan and there is live coverage here from 9.00 pm from Augusta - it's 8.27 pm now.
  • 0

#10
Kosti

    Member

  • Topic Starter
  • 30 posts
Hey...how about Vijay with a beauty round today...our Canadian boy Mike Weir's in the hunt too, only 4 back...I love the masters...anyways, here's the info, and thanks again

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxyctsak

*******************

Script file located at: \??\C:\ghrntmbf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\sa22.dll not found!
Deletion of file C:\WINDOWS\sa22.dll failed!

Could not process line:
C:\WINDOWS\sa22.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cd_clint.dll deleted successfully.
File C:\WINDOWS\system32\data.~ deleted successfully.
File C:\WINDOWS\system32\okshook.dll deleted successfully.
File C:\WINDOWS\system32\stlb2.xml deleted successfully.
File C:\WINDOWS\inf\payload.inf deleted successfully.
File C:\WINDOWS\inf\biini.inf deleted successfully.
File C:\WINDOWS\inf\strip-player.inf deleted successfully.
File C:\WINDOWS\inf\bi419.inf deleted successfully.
File C:\WINDOWS\inf\bi.inf deleted successfully.
File C:\WINDOWS\Downloaded Program Files\bridge.inf deleted successfully.
File C:\WINDOWS\Downloaded Program Files\eroskop.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\wejscie.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\245-1085-ax.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\turbo.inf deleted successfully.
File C:\WINDOWS\mpgcom.dll deleted successfully.
File C:\WINDOWS\Key2.txt deleted successfully.
File C:\WINDOWS\EPlugin.ocx deleted successfully.
File C:\WINDOWS\GatorHDPlugin.log-old.log deleted successfully.
File C:\WINDOWS\System32omniprivacy.khtml deleted successfully.
File C:\WINDOWS\SYSsfit.exe deleted successfully.
File C:\WINDOWS\farmmext.ini deleted successfully.
File C:\WINDOWS\exact.exe deleted successfully.
File C:\WINDOWS\exactinstaller.exe deleted successfully.
File C:\WINDOWS\kwv2.dat deleted successfully.
File C:\Documents and Settings\All Users\Application Data\rect wma body flag\TITLE BIN.bk! deleted successfully.
File C:\Documents and Settings\All Users\Application Data\rect wma body flag\OBJ BAIT.bk! deleted successfully.
File C:\Documents and Settings\All Users\Application Data\rect wma body flag\DashPoll.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\Rem54.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\cec6c2ac.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\staC.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\RemBE.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\Rem2C.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\Rem29.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\cec6e365.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\staA.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\125936.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\hinbdfvw.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\pwwsclej.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\cfabd9d6.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\cccc5dfd.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\sta55.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_ deleted successfully.


File C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe] not found!
Deletion of file C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe] failed!

Could not process line:
C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]
Status: 0xc0000034

File C:\Documents and Settings\Owner\Local Settings\Temp\Inside Program.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\e1b07.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\wjukrfwu.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\sfyqheka.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\3c8714.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\a13b446.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\THI632A.tmp\ceres.inf deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.inf deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\THI509.tmp\farmmext.ini deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\krwweafm.exe deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\client.cfg deleted successfully.
File C:\Documents and Settings\Mom\Local Settings\Temp\msiein\CAB37684.9004508333\msielink.dll deleted successfully.
File C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\O3RN6CTP\newpass2[1].htm deleted successfully.


File C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl] not found!
Deletion of file C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl] failed!

Could not process line:
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl]
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:35:54 PM, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
  • 0
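Reading the Avenger log in the post above against the script it was given: the sketch below is an added example (not part of the thread and not The Avenger's own code) that sorts each script line into deleted, already absent, or needing follow-up, using an excerpt abridged from that log. The function names are hypothetical, and treating a trailing `[name]` on a path as a scanner's "member inside container" notation is an assumption.

```python
import re

# NTSTATUS values a file-deletion pass can plausibly return (names from ntstatus.h).
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ABSENT = {0xC0000034, 0xC000003A}  # nothing existed at that path

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return (deleted_paths, {failed_path: ntstatus or None})."""
    deleted, failed = [], {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(1))
        elif line == "Could not process line:":
            # Layout in the log: marker, the script line, then "Status: 0x...".
            path = lines[i + 1] if i + 1 < len(lines) else ""
            sm = STATUS_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
            failed[path] = int(sm.group(1), 16) if sm else None
    return deleted, failed


def container_candidate(path):
    """Heuristic (assumption): 'X.EX_[X.EXe]' names a member inside the
    on-disk file 'X.EX_', so the real path is the part before that '['."""
    if not path.endswith("]"):
        return None
    for i, ch in enumerate(path):
        if ch != "[":
            continue
        container, inner = path[:i], path[i + 1:-1]
        base = container.rsplit("\\", 1)[-1]
        if len(base) > 1 and len(base) == len(inner) \
                and base[:-1].lower() == inner[:-1].lower():
            return container
    return None


def triage(script_paths, log_text):
    """Reconcile the script's 'Files to delete' lines with the log."""
    deleted, failed = parse_avenger_log(log_text)
    report = {"deleted": deleted, "already_absent": [], "needs_followup": [],
              "recheck_container": [], "unaccounted": []}
    for path, status in failed.items():
        if status in ABSENT:
            report["already_absent"].append(path)
            cand = container_candidate(path)
            if cand and cand not in deleted:
                report["recheck_container"].append(cand)  # may still be on disk
        else:
            report["needs_followup"].append((path, NTSTATUS.get(status, "unknown")))
    seen = set(deleted) | set(failed)
    report["unaccounted"] = [p for p in script_paths if p not in seen]
    return report


# Script lines and log excerpt abridged from the posts above.
SCRIPT = [
    r"C:\WINDOWS\sa22.dll",
    r"C:\WINDOWS\system32\cd_clint.dll",
    r"C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_",
    r"C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]",
    r"C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl]",
]
LOG = r"""
Could not process line:
C:\WINDOWS\sa22.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cd_clint.dll deleted successfully.
File C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_ deleted successfully.

Could not process line:
C:\Documents and Settings\Owner\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]
Status: 0xc0000034

Could not process line:
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_[CSAOLINST[1].DLl]
Status: 0xc0000034
"""

if __name__ == "__main__":
    for key, value in triage(SCRIPT, LOG).items():
        print(key, "->", value)
```

All three failures carry 0xc0000034, so nothing was locked or access-denied; the one path worth re-checking is the `CSAOLINST[1].DL_` container, which the script never listed on its own.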


#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Peter

The golf was good and looks like anyone's title at the moment.

I am seeing 3 accounts; owner, Mom, Kosti. Is that correct? My intention is to get one clean (Kosti) and then clean the other two if you still wish to have them separate. This fix should clean Kosti but then I want another deep scan to be certain.

To start please download CCleaner

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

System Startup Service (SvcProc)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter this item into that field (copy and paste):

SvcProc

Click OK.

It should pull up information about the service. When it asks if you want to reboot now, click YES.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete this file (if present) using SEARCH:

stlb2.dll

Close Windows Explorer

Now we must hide the files we revealed earlier by reversing the process; this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Utilities uncheck Ewido Security Suite log and ensure Only delete files in Windows Temp folder older than 48 hours is unchecked also, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Reboot normally

Please visit Kaspersky using Microsoft Internet Explorer, for an online scan. Please select extended in the scan settings option; you will find it to be the second option from the top. Please post the Kaspersky log in your reply together with a fresh HijackThis log (from normal mode) and I will take another look.
  • 0

#12
Kosti

    Member

  • Topic Starter
  • 30 posts
Alright, just finished up with your instructions...stlb2.dll was not found so it looks like it's gone...
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
was also not in the hijackthis scan so I couldn't highlight that one to delete...other than that I think everything else worked out. I still get two Notepad things that open up and they are identical. In the Blue title bar it says "desktop - Notepad" then in the body it says [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Also, I don't mind deleting the other two accounts that are on this computer (Mom, and owner). My mom doesn't use it ever (I can just make a new one when she decides she wants to use a computer again) and the owner had problems with it so I created the Kosti user. I don't mind deleting the owner user, but I just don't want any major programs to be gone that I use on Kosti but might have been installed on owner.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, April 07, 2006 15:13:23
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/04/2006
Kaspersky Anti-Virus database records: 186814
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 92746
Number of viruses found: 94
Number of infected objects: 208
Number of suspicious objects: 3
Duration of the scan process: 5132 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\fbef3hli.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\WINDOWS\roavliuvgij.exe Infected: not-a-virus:AdWare.Win32.Bestofer.d
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval.h
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0002/data0004/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0002/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0002/data0005 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0004/data0005/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0004/data0005 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0004/data0004/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0004/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe/data0005 Infected: Trojan.Win32.Keenval.b
C:\Documents and Settings\Owner\Local Settings\Temp\UpdatedUpdaterInstall.exe Infected: Trojan.Win32.Keenval.b
C:\Documents and Settings\Owner\Local Settings\Temp\THI7662.tmp\MMaker4b.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\THI7662.tmp\MMaker4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d
C:\Documents and Settings\Owner\Local Settings\Temp\THI7662.tmp\MMaker4b.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.h
C:\Documents and Settings\Owner\Local Settings\Temp\THI7662.tmp\MMaker4b.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c
C:\Documents and Settings\Owner\Local Settings\Temp\THI7662.tmp\MMaker4b.exe Infected: not-a-virus:AdWare.Win32.WebRebates.c
C:\Documents and Settings\Owner\Local Settings\Temp\THI5F0.tmp\MMaker4b.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Owner\Local Settings\Temp\THI5F0.tmp\MMaker4b.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d
C:\Documents and Settings\Owner\Local Settings\Temp\THI5F0.tmp\MMaker4b.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.h
C:\Documents and Settings\Owner\Local Settings\Temp\THI5F0.tmp\MMaker4b.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c
C:\Documents and Settings\Owner\Local Settings\Temp\THI5F0.tmp\MMaker4b.exe Infected: not-a-virus:AdWare.Win32.WebRebates.c
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IP6Z0V6X\tbonuac[1].exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ai
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SBOEBJY3\DrPMon[1].dll Infected: Trojan.Win32.Agent.ic
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\R6NV21L0\Nail[1].exe Infected: not-a-virus:AdWare.Win32.BetterInternet.b
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED/letter.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED/letter.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sat, 19 Jun 2004 16:14:40 -0400]/UNNAMED/software.txt Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sat, 19 Jun 2004 16:14:40 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED/Gift.zip/bfywq.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED/Gift.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED/Be_not_jealous.zip/16_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED/Be_not_jealous.zip Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\My Documents\My Received Files\kazaa_lite_202_english.exe/data0014 Infected: not-a-virus:AdWare.Win32.Altnet.o
C:\Documents and Settings\Owner\My Documents\My Received Files\kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_/ Infected: not-a-virus:AdWare.Win32.ClearSearch.x
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\ROCCTHVI\CSAOLINST[1].DL_ Infected: not-a-virus:AdWare.Win32.ClearSearch.x
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Wed, 03 Aug 2005 08:20:29 +0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Wed, 03 Aug 2005 08:20:29 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Thu, 03 Nov 2005 21:28:17 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Thu, 03 Nov 2005 21:28:17 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\My Documents\My Received Files\kazaa_lite_202_english.exe/data0014 Infected: not-a-virus:AdWare.Win32.Altnet.o
C:\Documents and Settings\Kosti\My Documents\My Received Files\kazaa_lite_202_english.exe Infected: not-a-virus:AdWare.Win32.Altnet.o
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n

Scan process completed.
----------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:18:05 PM, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Edited by Kosti, 07 April 2006 - 01:22 PM.

  • 0

#13
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Kosti

Please go to User Accounts in the Control Panel and delete all the accounts other than the one I have been working on.

Windows by default will create a folder for each account and place it on the desktop with all the files and documents relative to that account in it, so nothing is lost.

If you then wish to have multiple accounts again, just reboot normally and create the account again from User Accounts.

I think now is a good time for a clear out. According to Kaspersky you have many virii in your Outlook Express mail boxes. Here's the list which MUST be deleted:

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED/letter.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED/letter.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sat, 19 Jun 2004 16:14:40 -0400]/UNNAMED/software.txt Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sat, 19 Jun 2004 16:14:40 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED/Gift.zip/bfywq.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED/Gift.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 29 Aug 2004 18:47:51 -0500]/UNNAMED Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Password-protected-EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED/Be_not_jealous.zip/16_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED/Be_not_jealous.zip Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx/[From "Peter Kosturek" <[email protected]>][Date Wed, 1 Jun 2005 21:41:29 -0400]/UNNAMED Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Sent Items.dbx Infected: Email-Worm.Win32.Bagle.bo
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Wed, 03 Aug 2005 08:20:29 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Thu, 03 Nov 2005 21:28:17 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <[email protected]>][Date Thu, 03 Nov 2005 21:28:17 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Kosti\Local Settings\Application Data\Identities\{C1658975-7FA0-4E20-A474-36AC18F839AE}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn

More to the point, how did that ever happen with Norton protecting your emails? So the question must be: is Norton working, or is it out of date, in which case I would recommend AVG as a FREE replacement. Without knowing how many emails you have stored in your SENT, IN, OUT and DELETED boxes, that is a major list and I would think the cause of all your problems.

Let me know what you want to do with regard to antivirus protection.

The other thing is that the list from Kaspersky contains many files that should have been deleted by Ccleaner; which is why I put them in that order. Since something has not gone well there, we'll have to do a manual clean-up:

Please delete your temporary files.

Click on START > RUN > type in cleanmgr and hit ENTER

You will see a window asking you to choose your harddrive (most likely C: Drive)

Click it and Windows will now scan the drive and show you the results

Make sure the following are checked:
  • Downloaded Program Files
  • Temporary Internet Files
  • Recycle Bin
  • Compress Old Files (if you want more disk space)

Click OK and Disk Cleanup will delete those files for you.

Next, go to Start>Run>type in %temp% hit Enter and delete the content of all the temp folders shown (only the content, not the folder). A couple of files may be in memory and will not therefore delete, this is normal.

The bad files in System Restore are OK, we will be cleaning those out at the very end.

So that should leave just these for inclusion into this round of Avenger:

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy ALL THE TEXT contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\avenger\backup.zip/avenger
C:\Program Files\vndur9e5

Files to delete:
C:\WINDOWS\system32\fbef3hli.ini
C:\WINDOWS\roavliuvgij.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\kazaa_lite_202_english.exe/data0014
C:\Documents and Settings\Owner\My Documents\My Received Files\kazaa_lite_202_english.exe
C:\Documents and Settings\Kosti\My Documents\My Received Files\kazaa_lite_202_english.exe/data0014
C:\Documents and Settings\Kosti\My Documents\My Received Files\kazaa_lite_202_english.exe
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe/stream/data0006
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe/stream
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe
C:\Program Files\Norton AntiVirus\Quarantine\599F2599.tmp
C:\Program Files\mIRC\mirc.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger programme by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • Upon reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy & paste the content of c:\avenger.txt into your reply along with a fresh HJT log from normal mode, by using Add Reply

BTW, the last HJT log was clean

Finally, I did see a LOP file yesterday, and to be safe please produce this next log for analysing.

Open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here
  • 0
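
The post above sorts the scanner's findings by where they live: mail-store items, System Restore copies, and files still on disk are each handled differently. The following Python example reproduces that sorting from raw scanner output. It is an added example, not part of the original thread; the `triage` function and the bucket names are assumptions made for illustration, and the embedded sample lines follow the format of the Kaspersky log in this thread.

```python
import re
from collections import defaultdict

# Sample lines in the format of the Kaspersky online-scanner log in this
# thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Documents and Settings\Kosti\Desktop\ccsetup128.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\Norton AntiVirus\Quarantine\599F2599.tmp Infected: Trojan.Java.ClassLoader.u
C:\Program Files\vndur9e5\i6bpxtly.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1027\A0116219.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{45B10250-62CE-4B70-B366-B099CA9C8899}\RP1027\A0116219.exe Infected: Trojan-Downloader.Win32.Keenval.e
C:\avenger\backup.zip/avenger/SYSsfit.exe Infected: Trojan.Win32.StartPage.ey
C:\avenger\backup.zip Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{90B4388C-9A92-4D1A-BDAB-1B1B3CD55FE5}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Sun, 20 Jun 2004 13:07:43 -0400]/UNNAMED/letter.zip Infected: Email-Worm.Win32.NetSky.q

Scan process completed.
"""

# "<path> Infected: <name>" or "<path> Suspicious: <name>". The path may
# contain spaces, so match lazily up to the first verdict keyword.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>.+)$")

RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore", re.I)
TOOL_BACKUP_RE = re.compile(r"^[a-z]:\\avenger\\", re.I)


def container_of(path):
    """Return the on-disk file that holds a detection.

    Windows paths use backslashes, so the first forward slash marks where
    the scanner starts describing objects *inside* the file (archive
    members, installer streams, individual mail messages).
    """
    return path.split("/", 1)[0]


def classify(container):
    """Assign an on-disk file to a handling bucket (names are illustrative)."""
    lowered = container.lower()
    if RESTORE_RE.match(container):
        return "system_restore"   # purged with the restore points, not file by file
    if lowered.endswith(".dbx"):
        return "mail_store"       # Outlook Express folder: remove the messages
    if "\\quarantine\\" in lowered:
        return "av_quarantine"    # already isolated by the antivirus
    if TOOL_BACKUP_RE.match(container):
        return "tool_backup"      # backup archive written by the removal tool
    return "live_file"            # ordinary file still on disk


def triage(log_text):
    """Group detections by bucket, then by the on-disk file that holds them.

    Returns {bucket: {container: {"detections": [...], "riskware_only": bool}}}.
    Lines that are not detection records (headers, blank lines, the
    "Scan process completed." trailer) are skipped.
    """
    names = defaultdict(set)
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        names[container_of(match.group("path"))].add(match.group("name"))

    report = defaultdict(dict)
    for container, found in names.items():
        report[classify(container)][container] = {
            "detections": sorted(found),
            # Kaspersky prefixes adware/riskware classes with "not-a-virus:".
            "riskware_only": all(n.startswith("not-a-virus:") for n in found),
        }
    return dict(report)


if __name__ == "__main__":
    for bucket, files in sorted(triage(SAMPLE_LOG).items()):
        print(bucket)
        for container, info in sorted(files.items()):
            tag = " (riskware only)" if info["riskware_only"] else ""
            print("  " + container + tag)
            for name in info["detections"]:
                print("    " + name)
```

Collapsing nested records to their container keeps one installer or mailbox from being counted once per embedded object, and the `riskware_only` flag separates "not-a-virus" classifications from trojan detections before anything is queued for deletion.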

#14
Kosti

Kosti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
When using CCleaner I wasn't able to access the internet in Safe Mode, so I couldn't get any updates for it; I just ran it as it was when downloaded. Should I do the CCleaner scan again in normal mode so I can download the updates, or just continue with the instructions you've posted?
  • 0

#15
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Both - the more the merrier. We have got to get rid of all the rubbish.

BTW, the golf finished a little while ago - still anyone's game.
  • 0





