HiJackThis Log [RESOLVED]


  • This topic is locked

#1
pedrossi

  • Member
  • 57 posts
Hey guys,

I've been having problems with my PC lately (I'm pretty sure I got some spyware, maybe a virus) so I got a HiJackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:42:13 PM, on 4/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\gigantikdj\condition zero\hl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager Demo\agent\syncagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire PRO NIGGA\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Does anything look suspicious up there?

Thank you!!

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Nothing much except that Instant Buzz toolbar.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Instant Buzz

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\PROGRA~1\INSTAN~1\

Restart. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#3
pedrossi

  • Topic Starter
  • Member
  • 57 posts
Hey, thanks for the quick reply!

I'm still having some troubles here and there (especially with Firefox and occasional popups when I'm not even surfing the net). What else should I do to clean my PC of all malware?

Thanks!

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since I see it, there is one thing that you shouldn't do. Limewire...since it can help contribute to malware problems.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if the main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ).

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
Exit Ewido when it's done.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Restart your computer to get back to Normal Mode. Post the Ewido report and a new HijackThis log here.

#5
pedrossi

  • Topic Starter
  • Member
  • 57 posts
Hey, thanks again for the report. The Ewido report is quite long, but here it goes:





[code=auto:0]---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:23:39 PM, 4/8/2006
+ Report-Checksum: 2479E6CA

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} -> Adware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B8D60EBB-5565-4392-957B-7164BA087AD4} -> Adware.InstantBuzz : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC924BD1-7382-4619-A706-070CB00F2325} -> Adware.SpywareWall : Cleaned with backup
HKLM\SOFTWARE\Classes\LinkBHO.cIExplorer -> Adware.SpywareWall : Cleaned with backup
HKLM\SOFTWARE\Classes\LinkBHO.cIExplorer\Clsid -> Adware.SpywareWall : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{066040F0-5018-4E15-8AA0-81D36136D989}\\BandCLSID -> Adware.InstantBuzz : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Adware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteSideBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Adware.Adlogix : Cleaned with backup
C:\!KillBox\nt_hide79.dll -> Trojan.EliteBar.h : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\gbyksu2p.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Guest\Application Data\wtta.exe -> Adware.PurityScan : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.815:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.816:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.817:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.855:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.858:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9n5nicjs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\rawh\!update-3600.0000 -> Downloader.PurityScan.bz : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\wtta.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Owner\Complete\1-ACT Anti KeyLogger 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\3 in 1 Video Utilities.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\50 Fast Flash MX Techniques.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\8000 Professional Web Templates.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\84 Angelina Jolie Wallpapers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ABC Pronunciary American English Pron.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Acronis Bootable CD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Acrobat 7 0 Professional Incl Keygen Paradox.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe After Effects 6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Audition V2 0 English Www Pctorrent Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Illustrator Cs2 V12 32321 39636 20013 25991 21407 29256 20809 30879.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Photoshop Cs2 Iso Keygen Squiggie.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Premiere Pro 7 0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Advanced Administrative Tools 5.92.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ahead Nero V7 0 Premium Edition.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Aliasmayaunlimited7011511998 Demonoid Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Allok AVI Mpeg Converter 1.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\American Civil War Gettysburg.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Autocad 2006 Eng.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Autodesk 3d Studio Max V8 0 Webinstall Incl Keymaker Xforce.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Autodesk 3ds Max Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Avalanche Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Azureus2 4 0 0 Jar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bejeweled 2 Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Best of David Lee Roth.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Blue - The Best Of.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Breezy Badger.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Britney Spears - Someday I Will Unders.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Chicken Little.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Chuzzle Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Corel Draw Graphics Suite V 12 3cds Complete Multi Spanish En Fr It Ge Www Pctorrent Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Coreldraw Graphics Suite X3 V 13 0 4cds Multi 17 Sp En Fr It Ge Serial Www Pctorrent Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Debian 31r1 I386 Binary 1 Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Diskeeper ProfessionalServer EntAdmi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Eminem - Curtain Call.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Eminem - Encore - Complete CD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Empire Earth II.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Encarta 2006 Premium Spanish Www Limitedivx Com Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Encarta 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EximiousSoft GIF Creator 2.40.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EzyPage Enterprise 9.22.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fedora Core 5 Bordeaux I386 Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fedora Core 5 Bordeaux X86 64 Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Feeding Frenzy Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FirmTools AlbumCreator 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Gotcha (PC Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Harry Potter and the Goblet of Fire - Visions.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Herbie Fully Loaded.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Hirens BootCD 7.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ilife 06 Torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Insaniquarium Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Internet Explorer 7 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Isobuster 1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ISS BlackICE PC ProtectionServer Prot.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Journey - The Essential Journey.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Knoppix V4 0 2cd 2005 09 23 En.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Koepi XviD 1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Live Billiards Deluxe 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Macromedia Flash Pro8 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Macromedia Studio V8 Www Limitedivx Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Madonna - Confessions On A Dance Floor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Magix Music.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Office 2003 Professional Word Excel Powerpoint Access Frontpage Outlook Infopath Visio Pro.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Office 2003 Step by Step eBo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Office Professional 2007 Cdkey.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Visual Studio 2006 Eng Dvd Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Windows Xp Media Center 2005 Spanish Www Limitedivx Com Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Windows Xp Media Center Edition 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Windows Xp Media Center Edition 2550.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Missy Elliot Under Construction.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MSN Messenger 8 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7 Ultra Edition Proper Addiction By Www Torrentboyz Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7 Ultra.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero Burning Rom V6 6 0 13 Vision Express V3 1 0 7 Codecpack Key Ace.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\NETSpeedBoost 3.98.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Next ».zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nik Color Efex Pro 2.0 for Adobe Photoshop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nik Dfine 1.0 for Adobe Photoshop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton 2006 En 5 In 1 Nav Nis Nsw Nswp Npm.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton Antivirus 2006 All In One.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton Internet Security 2006 Original Cd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton Utilities 2006 - Ghost 10 Tool.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Online TV Player 2.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Outlaws.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Paint Shop Pro 9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Photoshop Cs 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Photoshop Plugins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Pinnacle Studio Media Suite V10 1 Multilenguaje 3cds Www Limitedivx Com.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Postal 2 Apocalypse Weekend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Realize Voice 4.1.736.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Remote Password Stealer 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Roxio Easy Media Creator 8 Suite Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Roxio Easy Media Creator 8 Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SeaWorld Adventure Parks Tycoon 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Serenity DivX (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Slackware 10 2 Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Solidworks 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Spiral Graphics Genetica Pro 2.0 Te.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Squiggle 0 1 110 I386 Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Steganos SAFE ProFESSIONAL 2006 8.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Suse Linux Professional 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SWAT 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\THE BEATLES - Jamming With Heather.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Chronicles of Narnia.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Doobies Brothers - 9 Albums.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Logo Creator 4 1 Mega Pack Full.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Rosetta Stone Language System 25 Languages 38 Levels Version 2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Theme Hospital (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tomtom5 Europe 6 Cd S Pocket Pc.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNow Powerpack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNT - Removes Windows Timebomb.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Universal Shield 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Vista Tranformation Pack 2 XP.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Studio 2005 Professional Edition Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Page Maker 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Vista 5231 05 10 04 32bit Cleehein Iso.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows XP Live Edition 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Xp Pro Sp2 2006 01 02 Dvd.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Xp Pro Sp3 Extras Bootable.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Xp X64 Edition Final.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wowgirls SE2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Www X Eeme De Magix Music Maker V2006 Deluxe Dvd German Shooters.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XPert Scale Print 2.1.3 for QuarkXPres.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Zuma Deluxe Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C&#

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Where is the new HijackThis log and do you still have any problems now?

#7
pedrossi

    Member

  • Topic Starter
  • Member
  • 57 posts
I had posted both logs last night but I guess something went wrong and it cut off the HijackThis log and part of the ewido log.

Here's the missing part of the ewido log:
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
	C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
	C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
	C:\Program Files\wr7x7j42\afcgot0x.DLL -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\e0cnzohl.DLL -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\kxla0tdz.DLL -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\u1vzbfyh.DLL -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\wr7x7j42.dll -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\wr7x7j42.exe -> Backdoor.Ruledor.j : Cleaned with backup
	C:\Program Files\wr7x7j42\wr7x7j421\wr7x7j421.dll -> Adware.ClearSearch : Cleaned with backup
	C:\Program Files\wr7x7j42\wr7x7j421\wr7x7j421.exe -> Adware.ClearSearch : Cleaned with backup
	C:\Setup.exe -> Worm.VB.an : Cleaned with backup
	C:\temporary\aun_0011.exe -> Downloader.Small.akz : Cleaned with backup
	C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
	C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
	C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
	C:\WINDOWS\system32\Cache\pi1_51.exe -> Downloader.Small.afq : Cleaned with backup
	C:\WINDOWS\system32\elitepax32.exe -> Hijacker.StartPage.nk : Cleaned with backup
	C:\WINDOWS\system32\elitepmm32.exe -> Hijacker.StartPage.nk : Cleaned with backup
	C:\WINDOWS\system32\mqmrh.dll -> Adware.Adstart : Cleaned with backup
	C:\WINDOWS\system32\sysmonnt.exe -> Backdoor.VB.aat : Cleaned with backup


::Report End

And here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:40 PM, on 4/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



I'm still having some problems, mostly with Firefox. In the Browser Help section of the forum they told me to finish my thread in this area first and make sure my PC was malware-free before going on to fix my Firefox.
Is there anything else infecting my PC?

Thanks!

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Fix this in HijackThis:

O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download Brute Force Uninstaller http://www.merijn.org/files/bfu.zip and unzip it to its own folder (c:\BFU).

Run the program and click the Web button located on the top right corner.

Copy and paste the below web address into the address bar of the Download script window:

http://metallica.gee...alcanshorty.bfu

Checkmark the following boxes:
Use settings specified in script for the above option.
Show log after script ends.
Execute the script by clicking the Execute button.

When it finishes running, click the Save button for a copy of the log. Post the log created by the script when you have completed the fix.

No need for the HijackThis log....

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#9
pedrossi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here's the BFU log:
BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 7:49:43 PM, on 4/9/2006

Script completed.

I'm still having problems with my Firefox, but I think I'll take that up in Browser Help.

Thanks a million for all your help, I don't know what I'd do without geekstogo!

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.