
Please help remove trojan



#1
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 129 posts
I had SpywareQuake and I used the guide here to get rid of it, but there still is something wrong. Please help.


Logfile of HijackThis v1.99.1
Scan saved at 7:06:15 PM, on 9/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\a1af9651.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system\MMAUSBCM.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Matthew\Desktop\HijackThis.exe

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsek.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g6152828.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\System32\jkkkklm.dll (file missing)
O2 - BHO: (no name) - {EB4FC719-9495-4E69-91DC-FF23388BB44F} - C:\WINDOWS\System32\gebcc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a1af9651.exe] C:\WINDOWS\System32\a1af9651.exe
O4 - HKLM\..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a1af9651.exe] C:\Documents and Settings\Matthew\Local Settings\Application Data\a1af9651.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: MMAUSBCM.LNK = C:\WINDOWS\system\MMAUSBCM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: h618 - C:\WINDOWS\g34235718.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0



#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

You have a couple different things going on

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
  • 0

#3
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
Ya know, I was just trying to close all these processes in my task manager that start with "is", and they just kept coming back. And now Smitfraudfix is showing them to be malicious. Here is the log.




SmitFraudFix v2.87

Scan done at 1:13:10.26, Thu 09/14/2006
Run from C:\Documents and Settings\Matthew\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matthew\Application Data

C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Matthew\STARTM~1\SpyQuake2.com 2.3.lnk FOUND !
C:\DOCUME~1\Matthew\STARTM~1\Programs\SpyQuake2.com FOUND !
C:\DOCUME~1\Matthew\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Matthew\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"

[HKEY_CLASSES_ROOT\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Ok, this is a big step, but hopefully Ewido will get rid of the other problem you have also.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Download and update Ewido.

First download Ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete, run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet


2. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3. Run Smitfraud
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
5. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

6. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

7. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Note: IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close Ewido and Reboot back into Normal Windows Mode

9. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

10. Please Post the following logs:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

Edited by loophole, 16 September 2006 - 11:24 PM.

  • 0

#5
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
Rapport.exe

-----------------


SmitFraudFix v2.87

Scan done at 19:34:42.78, Thu 09/14/2006
Run from C:\Documents and Settings\Matthew\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"

[HKEY_CLASSES_ROOT\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\g6152828.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"

[HKEY_CLASSES_ROOT\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InProcServer32]
@="C:\WINDOWS\admparsek.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0
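
The rapport.txt above lists SharedTaskScheduler entries under both "Before SmitFraudFix" and "After SmitFraudFix", so the two sections can be compared to see which registrations are still present after the clean. The Python below is an added example, not part of the original thread or of SmitfraudFix; the function names are hypothetical, and the sample text is abridged, with one entry copied from the log above and one constructed entry.

```python
import re
from fnmatch import fnmatchcase

# Sample in the layout of the rapport.txt posted above. The first entry is
# copied from that log; the second ({0000...0001}) is constructed so that the
# comparison also has a removed entry to report.
SAMPLE_RAPPORT = r'''
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000001}"="Constructed Entry"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\WINDOWS\constructed.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\constructed.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InProcServer32]
@="C:\WINDOWS\g34235718.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End
'''

SECTION_RE = re.compile(r'^»+\s*(.+?)\s*$')             # "»»» Title"
KEY_RE = re.compile(r'^\[(.+)\]$')                       # "[HKEY_...]"
STS_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')             # default value line
CLSID_KEY_RE = re.compile(
    r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32$', re.I)
DELETED_RE = re.compile(r'^(.+?) Deleted$')


def split_sections(text):
    """Map each '»»» Title' heading to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_sts(lines):
    """Return {CLSID: {'name': ..., 'dll': ...}} for one section."""
    entries, key = {}, ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = STS_VALUE_RE.match(line)
        if m and key.lower().endswith("\\sharedtaskscheduler"):
            entries.setdefault(m.group(1).upper(), {})["name"] = m.group(2)
            continue
        m, k = DEFAULT_VALUE_RE.match(line), CLSID_KEY_RE.search(key)
        if m and k:
            entries.setdefault(k.group(1).upper(), {})["dll"] = m.group(1)
    return entries


def compare_before_after(text):
    """One row per entry registered before the fix, with its state after."""
    s = split_sections(text)
    before = parse_sts(s.get("Before SmitFraudFix", []))
    after = parse_sts(s.get("After SmitFraudFix", []))
    # The tool logs some deletions as wildcard patterns (e.g. "ixt?.dll").
    deleted = []
    for line in s.get("Deleting infected files", []):
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(1).lower())
    rows = []
    for clsid, entry in sorted(before.items()):
        if "name" not in entry:          # CLSID seen, but not registered
            continue
        dll = entry.get("dll", "")
        rows.append({
            "clsid": clsid,
            "name": entry["name"],
            "dll": dll,
            "still_registered": "name" in after.get(clsid, {}),
            "dll_deleted": any(fnmatchcase(dll.lower(), p) for p in deleted),
        })
    return rows


def persisted(rows):
    """Entries that are still registered after the fix."""
    return [r for r in rows if r["still_registered"]]


if __name__ == "__main__":
    for row in compare_before_after(SAMPLE_RAPPORT):
        print(row)
```
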

#6
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:17 PM 9/14/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888 -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Start Menu\Programs\SpyQuake2.com -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3 Website.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Start Menu\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\VundoFix Backups\iifcdec.dll.bad -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\VundoFix Backups\jkkkklm.dll.bad -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ljjhffc.dll.bad -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\WINDOWS\g145203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g21151359.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g34235718.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g8187437.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1040] C:\WINDOWS\g34235718.dll -> Downloader.Delf.amb : Error during cleaning.
[256] C:\WINDOWS\g34235718.dll -> Downloader.Delf.amb : Error during cleaning.
C:\Documents and Settings\Matthew\Local Settings\Application Data\a1af9651.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\a1af9651.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\HI1KCDEX\c[1].php -> Hijacker.Linker.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\X1TLVEXG\c[1].php -> Hijacker.Linker.b : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.728:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.783:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Cookies\matthew@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Cookies\matthew@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Matthew\Cookies\matthew@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.605:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\m9jggeip.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\VundoFix Backups\Update.exe.bad -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

#7
wickkidda

Logfile of HijackThis v1.99.1
Scan saved at 8:26:47 PM, on 9/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system\MMAUSBCM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Matthew\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\admparsek.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt1.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\g6152828.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\System32\jkkkklm.dll (file missing)
O2 - BHO: (no name) - {EB4FC719-9495-4E69-91DC-FF23388BB44F} - C:\WINDOWS\System32\gebcc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [a1af9651.exe] C:\Documents and Settings\Matthew\Local Settings\Application Data\a1af9651.exe
O4 - Startup: .protected
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: MMAUSBCM.LNK = C:\WINDOWS\system\MMAUSBCM.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O20 - Winlogon Notify: h618 - C:\WINDOWS\g34235718.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#8
wickkidda

I just want to say I appreciate what you guys do. Thank you in advance. I'll check back in for your next response. :whistling:

#9
loophole

Great job :whistling:

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt.

#10
wickkidda

By the way, very good instructions. I just wanted to point something out in case this needs to be corrected. (This is just how it was for me.) For this part in Ewido:

# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).


Just going to the Reports icon actually didn't let me "Save report as". I had to click "Save Report" in the Scanner section, which took me straight to the Report section, and then I could click "Save Report as". Other than that, flawless. Thanks. :whistling:

#11
loophole

Thanks, I will check that out and fix it :whistling: You didn't miss my last post, did you? Just making sure.

Edited by loophole, 14 September 2006 - 06:49 PM.

#12
wickkidda

Yes, I did miss it, but I just got it now.

I ran that file and it didn't install anything or create a folder on my desktop. It just ran like it already was installed and then said the computer will reboot immediately and then it didn't, but it did take away my Windows Explorer, so I was left with an empty screen and had to reboot manually. I guess I'll try again. Maybe I didn't do it right.

#13
loophole

Look here: c:\windelf.txt, and see if that was created. If not, please do run it again.

Thanks :whistling:

Edited by loophole, 14 September 2006 - 07:40 PM.

#14
wickkidda

There is no windelf.txt, and I tried running it twice. But there is a delfiles.bat.

#15
wickkidda

Ok, what I did this time was run the installer, and instead of pressing any key like it said, I just closed it. I saw that it created 4 files on my desktop (not in a folder). They are called delfiles.bat, process.exe, reboot.exe, and restart.exe. I decided to try delfiles.bat and it ran a program and gave me windelf.txt. Here it is.




--- File(s) found in Windows directory ---
g14669484.dll
g2422750.dll
g27753828.dll
g6152828.dll

--- File(s) found in system32 folder ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"


--- sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00618 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g34235718.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g34235718.dll"
"ThreadingModel"="Apartment"


--- sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InprocServer32]
@="C:\\WINDOWS\\g6152828.dll"
"ThreadingModel"="Apartment"


--- sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InprocServer32]
@="C:\\WINDOWS\\admparsek.dll"
"ThreadingModel"="Apartment"



--- Notify key ---
subkey h618 is present!

Finished!