Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Requesting help with Trojans


  • Please log in to reply

#1
Erica Kline

Erica Kline

    Member

  • Member
  • PipPip
  • 29 posts
Hi,

My computer has been running very slow but with full processor use on task monitor. The hard drive is being accessed constantly. A task called "project" is usually running. Many processes running. Popups frequently. Difficult to close popups. Slow to update screen. Insufficient virtual memory.

Operating system: Windows 2000, Version 5.0, Build 2195, Service Pack 4

I ran Spybot, many things were removed, but this didn't resolve the problem. Same with Norton antivirus.

Norton identifed "Trojan Horse" files that it could not remove:
c:\winnt\system32n9nyb.exe
c:\winnt\unin101.exe
c:\winnt\uni-eh.exe
c:\winnt\system32\bez6n4r21.exe

I attempted to download and run some of the other cleanup programs recommended here, but seems as if all my ability to interface with the internet is being used by the malicious programs.

Thank-you in advance for any help you can provide!

Erica

Here's the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:39:35 PM, on 8/18/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\win320948-19083844.exe
C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
C:\WINNT\Duce6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\AOL\1129679496\ee\AOLServiceHost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINNT\system32\APPATC~1\dvdplay.exe
C:\Program Files\Common Files\?asks\?hkdsk.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\System32\svchost.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [win320948-19083844] C:\WINNT\win320948-19083844.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\t08ulal91dq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Erica and welcome

1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HJT log please

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#3
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK, Ran Combofix & then Hijackthis.

By the way, Combofix ran DiskCleanup, I hope that was OK?

Combofix log:

Start Time= Sun 08/20/2006 20:02:52.13
Running from: C:\Documents and Settings\Administrator\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{AB0C9149-7F39-4664-A681-41AF55312A9B}]
@=""

[HKEY_CLASSES_ROOT\clsid\{AB0C9149-7F39-4664-A681-41AF55312A9B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{AB0C9149-7F39-4664-A681-41AF55312A9B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{AB0C9149-7F39-4664-A681-41AF55312A9B}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\kybrdfg_8.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-18 16:32:00 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-08-14 21:02:44 2 ( A.... ) "C:\WINNT\system32\wnscpsv.exe"
2006-08-13 12:53:28 ( .D... ) "C:\Program Files\NetMeeting"
2006-08-13 09:18:12 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\F-Secure"
2006-08-13 08:58:38 ( .D... ) "C:\Program Files\F-Secure Internet Security"
2006-08-13 08:53:22 118842 ( ....R ) "C:\WINNT\bwUnin-6.3.2.116-4476822L.exe"
2006-08-12 12:10:10 106496 ( A.... ) "C:\WINNT\Duce6.exe"
2006-08-12 12:09:00 155648 ( A.... ) "C:\WINNT\win320948-19083844.exe"
2006-08-12 09:05:54 59392 ( A.... ) "C:\WINNT\win32074448-1908382006.exe"
2006-08-12 08:54:02 ( .D... ) "C:\Program Files\Symantec"
2006-08-12 08:32:56 290 ( A.... ) "C:\WINNT\cnifd.dll"
2006-08-09 21:20:24 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Symantec"
2006-08-09 21:17:44 ( .D... ) "C:\Program Files\Norton AntiVirus"
2006-08-09 21:11:04 ( AD... ) "C:\Program Files\Common Files"
2006-08-09 20:15:26 ( .D... ) "C:\Program Files\Common Files\Symantec Shared"
2006-08-08 15:04:18 ( .D... ) "C:\Program Files\FinePixViewer"
2006-08-07 20:46:52 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-08-07 16:02:32 534208 ( A.... ) "C:\WINNT\system32\SymNeti.dll"
2006-08-07 16:02:30 161472 ( A.... ) "C:\WINNT\system32\SymRedir.dll"
2006-08-06 13:44:42 45056 ( A.... ) "C:\WINNT\system32\zkdmg.exe"
2006-08-06 13:44:40 45056 ( A.... ) "C:\WINNT\system32\ghynf.exe"
2006-08-06 13:07:14 ( .D... ) "C:\Program Files\Windows NT"
2006-08-06 12:58:34 81920 ( A.... ) "C:\WINNT\system32\services.dll"
2006-08-06 12:19:28 ( .D... ) "C:\Program Files\Common Files\??crosoft.NET"
2006-08-06 12:18:34 155136 ( A.... ) "C:\WINNT\system32\oins.exe"
2006-08-06 12:18:34 39424 ( A.... ) "C:\WINNT\mtuninst.exe"
2006-08-06 12:14:32 ( .D... ) "C:\Program Files\Common Files\rzqz"
2006-08-06 12:12:56 45056 ( A.... ) "C:\WINNT\system32zkdmg.exe"
2006-08-06 12:12:48 ( .D... ) "C:\Program Files\Internet Explorer"
2006-08-06 12:12:20 32768 ( A.... ) "C:\WINNT\unstall.exe"
2006-08-06 12:12:02 380928 ( A.... ) "C:\WINNT\system32\WinNB58.dll"
2006-08-06 12:11:52 28672 ( A.... ) "C:\WINNT\system32\iqqr.exe"
2006-08-06 12:11:50 45056 ( A.... ) "C:\WINNT\system32ghynf.exe"
2006-08-06 12:11:50 28672 ( A.... ) "C:\WINNT\system32bez6n4r21.exe"
2006-08-06 12:11:48 28672 ( A.... ) "C:\WINNT\system32\bez6n4r21.exe"
2006-08-06 12:11:36 139264 ( A.... ) "C:\WINNT\MirarSetup_876075.exe"
2006-08-02 11:10:26 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\àppPatch"
2006-07-31 16:03:08 1163264 ( A.... ) "C:\WINNT\system32\riwzkn.exe"
2006-07-26 09:23:36 ( .D... ) "C:\Program Files\iTunes"
2006-07-26 09:22:52 ( .D... ) "C:\Program Files\Last.fm"
2006-07-21 07:45:26 ( AD.H. ) "C:\Program Files\WindowsUpdate"
2006-07-12 10:41:46 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\F?nts"
2006-07-02 20:12:26 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-02 20:11:52 ( .D... ) "C:\Program Files\REGSHAVE"
2006-07-01 07:42:48 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\W?nSxS"
2006-06-29 10:02:40 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\?racle"
2006-06-25 19:08:00 ( .D... ) "C:\Program Files\Common Files\çasks"
2006-06-21 11:01:46 244240 ( A.... ) "C:\WINNT\unicows.dll"
2005-10-05 12:47:52 21952 ( ...H. ) "C:\Program Files\folder.htt"
2005-10-05 12:47:52 271 ( ...H. ) "C:\Program Files\desktop.ini"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-13 08:53 118,842 C:\WINNT\bwUnin-6.3.2.116-4476822L.exe
2006-08-12 12:10 106,496 C:\WINNT\Duce6.exe
2006-08-12 12:08 155,648 C:\WINNT\win320948-19083844.exe
2006-08-12 08:45 59,392 C:\WINNT\win32074448-1908382006.exe
2006-08-09 21:09 87,808 C:\WINNT\system32\S32EVNT1.DLL
2006-08-09 21:08 466,944 C:\WINNT\system32\capicom.dll
2006-08-09 19:31 244,240 C:\WINNT\unicows.dll
2006-08-07 16:02 534,208 C:\WINNT\system32\SymNeti.dll
2006-08-07 16:02 161,472 C:\WINNT\system32\SymRedir.dll
2006-08-06 13:44 45,056 C:\WINNT\system32\zkdmg.exe
2006-08-06 13:44 45,056 C:\WINNT\system32\ghynf.exe
2006-08-06 12:58 2 C:\WINNT\system32\wnscpsv.exe
2006-08-06 12:18 39,424 C:\WINNT\mtuninst.exe
2006-08-06 12:18 155,136 C:\WINNT\system32\oins.exe
2006-08-06 12:15 290 C:\WINNT\cnifd.dll
2006-08-06 12:12 45,056 C:\WINNT\system32zkdmg.exe
2006-08-06 12:12 380,928 C:\WINNT\system32\WinNB58.dll
2006-08-06 12:12 32,768 C:\WINNT\unstall.exe
2006-08-06 12:12 1,163,264 C:\WINNT\system32\riwzkn.exe
2006-08-06 12:11 45,056 C:\WINNT\system32ghynf.exe
2006-08-06 12:11 28,672 C:\WINNT\system32bez6n4r21.exe
2006-08-06 12:11 28,672 C:\WINNT\system32\iqqr.exe
2006-08-06 12:11 28,672 C:\WINNT\system32\bez6n4r21.exe
2006-08-06 12:11 139,264 C:\WINNT\MirarSetup_876075.exe
2006-07-21 07:45 465,176 C:\WINNT\system32\wuapi.dll
2006-07-21 07:45 41,240 C:\WINNT\system32\wups.dll
2006-07-21 07:45 194,328 C:\WINNT\system32\wuaueng1.dll
2006-07-21 07:45 18,200 C:\WINNT\system32\wups2.dll
2006-07-21 07:45 172,312 C:\WINNT\system32\wuauclt1.exe
2006-07-21 07:45 127,256 C:\WINNT\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"WUSB11B.exe"="C:\\Program Files\\WUSB11 WLAN Monitor\\WUSB11B.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1129679496\\ee\\AOLHostManager.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"paeibfqA"="C:\\WINNT\\paeibfqA.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"win320948-19083844"="C:\\WINNT\\win320948-19083844.exe"
"TheMonitor"="C:\\WINNT\\Duce6.exe"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"Saaw"="\"C:\\WINNT\\system32\\APPATC~1\\dvdplay.exe\" -vt ndrv"
"Ccqh"="C:\\Program Files\\Common Files\\?asks\\?hkdsk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\NetMeeting\\kyzez.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Internet Explorer\\howywyl.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Puku"="C:\\Program Files\\Common Files\\??crosoft.NET\\?serinit.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
C:\WINNT\tasks\Scheduled scanning task.job

Completion time: Sun 08/20/2006 20:10:48.47
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt


Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:21:26 PM, on 8/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1129679496\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\win320948-19083844.exe
C:\WINNT\Duce6.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\WINNT\system32\APPATC~1\dvdplay.exe
C:\Program Files\Common Files\?asks\?hkdsk.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [win320948-19083844] C:\WINNT\win320948-19083844.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanks!
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
  • 0

#5
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Sorry that took so long, I don't have much time to spend on this each day...

I had to actually reboot in "Safe Mode with Internet Connections" to get Ewido to work.

Here's the Ewido Log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:42:12 PM 8/23/2006

+ Scan result:



C:\Documents and Settings\Administrator\Start Menu\Play Poker Online!.lnk -> Adware.Generic : No action taken.
C:\WINNT\amm06.ocx -> Adware.MediaMotor : No action taken.
C:\WINNT\unstall.exe -> Adware.MediaMotor : No action taken.
C:\WINNT\mtuninst.exe -> Adware.MediaTickets : No action taken.
C:\WINNT\system32\WinNB58.dll -> Adware.Mirar : No action taken.
C:\Program Files\Common Files\Τasks\сhkdsk.exe -> Adware.PurityScan : No action taken.
C:\Program Files\Common Files\Міcrosoft.NET\υserinit.exe -> Adware.PurityScan : No action taken.
C:\WINNT\system32\services.dll -> Adware.PurityScan : No action taken.
C:\WINNT\MirarSetup_876075.exe -> Adware.SaveNow : No action taken.
C:\WINNT\system32\bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32\ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32\zkdmg.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32zkdmg.exe -> Adware.SearchAssistant : No action taken.
C:\WINNT\system32\iqqr.exe -> Adware.Suggestor : No action taken.
C:\WINNT\system32\riwzkn.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-5642235e-67ca792d.zip/web.exe -> Downloader.Delf.ags : No action taken.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-68f7ffc7-3e9049a9.zip/web.exe -> Downloader.Delf.ags : No action taken.
C:\WINNT\Мicrosoft\dexplore.exe -> Downloader.PurityScan.cl : No action taken.
C:\Program Files\Internet Explorer\howywyl.html -> Hijacker.Small.jf : No action taken.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-5642235e-67ca792d.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-68f7ffc7-3e9049a9.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1e4e9a3b-4348aec3.zip/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : No action taken.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.239:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.240:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : No action taken.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.236:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.237:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.290:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Overture : No action taken.
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : No action taken.
:mozilla.288:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
:mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Starware : No action taken.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.209:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : No action taken.
:mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.209:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.210:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][10].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][11].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][12].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][13].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][14].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][15].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][16].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][18].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][19].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][20].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][4].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][5].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][6].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][7].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][8].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][9].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v7moh33a.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:50:06 PM, on 8/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ms074448-190838] C:\WINNT\ms074448-190838.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Ins
  • 0

#6
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I just realized the HijackThis log got cut off so here it is again:
Logfile of HijackThis v1.99.1
Scan saved at 7:50:06 PM, on 8/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129679496\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ms074448-190838] C:\WINNT\ms074448-190838.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Thanks,

Erica
  • 0

#7
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Erica
I m really sorry I was away for a week and I meant to have someone pick up your log for me and I forgot :whistling:

Could you post back a fresh HJT log for me please
  • 0

#8
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Don,

In the meantime, I have been trying all the cleanup programs recommended here. Thinks are somewhat improved but I still get popups. I will do a Hijack this log later on today, when I get home from work.

I hope you were having a nice vacation?

Thanks for all your help,

Erica
  • 0

#9
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
So. in the meantime this is what I did:
Ran WinsockXPFix... it gave an error message.
Ran CleanUp!...it removed about 5000 things.
Ran Ad-aware...removed some stuff.
Ran CWShreder...I don't remember if it found any.
Ran Spybot S&D... removed some stuff. Had to run twice to remove everything.
Ran Ewido...found & removed many things.
Ran Ewido again... found some of the same things...a bad sign, I believe.
Got Windows updates.
Set IE security based on this group's recommendations.

Things are much, much better than they were before - I can get my email, Task manager doesn't show a bunch of uninvited apps, popups are mostly gone.

Here's my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:48 PM, on 8/31/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\Duce6.exe
C:\WINNT\ms0684448-19083.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\APPATC~1\dvdplay.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\?asks\?hkdsk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\Anti-Spyware\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - {4538833F-49F1-6606-A0AB-1043BD12F79E} - C:\WINNT\system32\lyqhd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {4538833F-49F1-6606-A0AB-1043BD12F79E} - C:\WINNT\system32\lyqhd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [ms0684448-19083] C:\WINNT\ms0684448-19083.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Thanks!

Erica
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

Ran WinsockXPFix... it gave an error message.

was unnecessary to run it thats why it gave you an error message,
Lets just have a look at an uninstall list and then we will get startered
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0

#11
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi Don,

OK here's that HJT Uninstall list:

Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
ALLOUT v1.4a
BINIAX
Bricks '2000
BrickShooter
CleanUp!
Cloudtris
Creative Jukebox Driver
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
Cubemaster Gold v4.3
DirectX 9 Hotfix - KB839643
Disk Investigator 1.32
ewido anti-spyware 4.0
Fatman Blocks v1.0
FinePixViewer Ver.4.3
FUJIFILM USB Driver
Hex
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
Instant Wireless USB Adapter
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Last.fm 1.0.1
Macromedia Flash Player 8
Microsoft Office 97, Professional Edition
Mozilla Firefox (1.5.0.6)
OLYMPUS CAMEDIA Master 4.2
OverDrive Media Console
QuickTime
RAW FILE CONVERTER LE
Restorer2000 Demo
Roll
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Spybot - Search & Destroy 1.4
Update Rollup 1 for Windows 2000 SP4
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922616
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
Wiz Solitaire

Thanks,

Erica
  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R3 - URLSearchHook: (no name) - {4538833F-49F1-6606-A0AB-1043BD12F79E} - C:\WINNT\system32\lyqhd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4538833F-49F1-6606-A0AB-1043BD12F79E} - C:\WINNT\system32\lyqhd.dll
O4 - HKLM\..\Run: [paeibfqA] C:\WINNT\paeibfqA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\Duce6.exe
O4 - HKLM\..\Run: [ms0684448-19083] C:\WINNT\ms0684448-19083.exe
O4 - HKCU\..\Run: [Saaw] "C:\WINNT\system32\APPATC~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Ccqh] C:\Program Files\Common Files\?asks\?hkdsk.exe
O15 - Trusted Zone: *.stumbleupon.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab


Close out HJT

Open Ewido and check it for updates, download any updates found and close out the program

reboot to safe mode and run a scan with it please, when it has completed scanning below the window that shows what it has found click on Actions and coose to quaratine everything, save the log again please,


Reboot to normal mode and post back a fresh HJT log and the log from Ewido scan please
  • 0

#13
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK, I did those things. While I was in normal mode I had one popup from: http://ad.oinadserver.com

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:45:44 AM, on 9/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Anti-Spyware\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINNT\system32\s1940.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:38:10 AM 9/2/2006

+ Scan result:



C:\WINNT\system32\AрpPatch\dvdplay.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1e4e9a3b-4348aec3.zip/A.class -> Not-A-Virus.Exploit.Java.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\20ccxfgy.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).


::Report end
  • 0

#14
Erica Kline

Erica Kline

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I found a folder called rzqzd in c:/ProgramFiles/CommonFiles
It has a bunch of files:
rzqza.lck - 0 KB
rzqzl.lck - 0 KB
rzqzm.lck - 0 KB
rzqzh 2 KB

a folder: rzqzd containing 2 files:
class-barrel - 4818 KB
vocabulary - 1206 KB

Is this something bad I should delete?

Thanks,

Erica
  • 0

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Erica,
Yes go ahead and delete the folder

aslo lets run an online scan


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP