Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Anti-virus Gold infection [RESOLVED]

Started by maxkool , Jun 26 2005 01:51 PM

  • This topic is locked This topic is locked

#1
maxkool
Posted 26 June 2005 - 01:51 PM

maxkool

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

I think I have been infected by this Antivirus GOld infection. I have scanned my PC using- Symantec which was there from start.
2. Microsoft Antispyware.
3. Yahoo Antispy tool.

Now they dont show me any thing. But everytime I start a IE browser,
"http://www.oneclicksearches.com/" this pops up althougth, in Tools -> internet options its set to blank page.
Here is the log of HJT.

In the log file, I have deleted the value of domain from this text file.

What should be done.

Thanks in advance.




Logfile of HijackThis v1.99.1
Scan saved at 15:50:48, on 26/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WordWeb\wweb32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Autodesk\INventor\Inventor 9\Bin\Inventor.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Autodesk\MDT 2005\acad.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpD774.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: WordWeb.lnk = C:\WordWeb\wweb32.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arab Bank Online Banking Service - https://www.arabi-on...inpages/ibs.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn....m/c174/chat.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{57C1FE75-13BB-45EE-B4DD-F193588F99B1}: NameServer = 100.32.0.101,192.168.0.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

Advertisements

#2
Kristy
Posted 15 July 2005 - 03:49 AM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 2 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

~Kristy
  • 0

#3
maxkool
Posted 17 July 2005 - 12:32 AM

maxkool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Kristy,

I did what u had told and here is the log files. FYI, when i RMB on desktop, and chk the display properties, it only shows two options for screensaver and another one for settings. Other options are not shown. :tazz:

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Saturday, July 16, 2005 22:02:52
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/07/2005
Kaspersky Anti-Virus database records: 138452
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 106979
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 3963 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200001.VBN Infected: Trojan-Downloader.Win32.Delf.pa
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200002.VBN Infected: Trojan.Win32.Agent.eo
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02200003.VBN Infected: Trojan.Win32.Agent.eo
C:\WINDOWS\system32\hhk.dll Infected: Trojan.Win32.Puper.x

Scan process completed.

***************************************
*****************************************
******************************************
*******************************************
Logfile of HijackThis v1.99.1
Scan saved at 08:17:38, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Nokia\PC Suite\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WordWeb\wweb32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Yahoo!\MESSEN~1\YPager.exe
C:\adobe\Photoshop CS2\Photoshop.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Adobe Bridge\Bridge.exe
C:\DOCUME~1\RAHULS~1.THY\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpD774.tmp (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia\PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - Startup: WordWeb.lnk = C:\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arab Bank Online Banking Service - https://www.arabi-on...inpages/ibs.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn....m/c174/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV3 - Activex Control) - http://support.fujit...api/activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\Software\..\Telephony: DomainName = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CCS\Services\Tcpip\..\{57C1FE75-13BB-45EE-B4DD-F193588F99B1}: NameServer = 192.168.1.3,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

***************************************
*****************************************
******************************************
*******************************************

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Animator
AutoCAD 2005 Express Tools Volumes 1-9
Autodesk DWF Viewer
Autodesk Inventor 9
CleanUp!
DivX
DivX Player
Driver&Utilities CD-ROM Software
Elevate
eMusic - 50 Free MP3 offer
Hello (remove only)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Internet Update
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Java Web Start
Kaspersky Anti-Virus Web Scanner
LeaCar MASS-Q(uantities)
LeaCar PDS 1.2.x - ParameterDrivenSuppression for R9SP2
LeaCar SkelAssemble
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Shockwave Player
MATLAB Family of Products Release 12
Mechanical Desktop 2005
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Firewall Client
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
MSN Messenger 6.2
Netscape (7.1)
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
pdfFactory Pro
Photomatix Pro version 2.0.5
Picasa 2
Pruefbescheinigungen
QuickMonitorProfile 2.0.0.1
QuickTime
RealPlayer
RegScrubXP 3.25
SAVERA Ride Software 2.0
Scan2CAD v7
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy 1.4
STAAD.Pro 2004
Sun Download Manager v1.1
Symantec AntiVirus
TETA
The New English-German Dictionary
The Panorama Factory
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
WordWeb
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
YIPPEE - Yet (another) Inventor ProPErty Editor

***************************
****************************
******************************

well i dont find any thing strange in this uninstall list.

Now what to do??

Thnkx for help.

maxkool
  • 0

#4
Kristy
Posted 17 July 2005 - 06:02 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello maxkool,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpD774.tmp (file missing)
(Only place a check by the ones below if you do not know what they are.)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO

Close all open windows except for HijackThis and click Fix Checked.

===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

~Kristy :tazz:
  • 0

#5
maxkool
Posted 18 July 2005 - 11:51 AM

maxkool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello,
I did what u told me to do. here are the log files.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:18:36, 18/07/2005
+ Report-Checksum: C7974879

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\f0owtzta.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.6:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.9:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.11:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.17:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:C:\Documents and Settings\rahul.singh\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Default User\7ope2rav.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\R\sts1he4v.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\default\lgd036nb.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rahul.Singh.THYSSENKRUPPELE\Application Data\Mozilla\Profiles\Rahul\xjvf6so7.slt\Profiles\Rahul\xjvf6so7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup


::Report End

**********************
Log file of smitfiles.
Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

shopping


~~~ system32 folder ~~~

wp.bmp
hhk.dll
logfiles


~~~ Windows directory ~~~

screen.html
sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

******************
end report
******************

Log files of HJT
Logfile of HijackThis v1.99.1
Scan saved at 20:12:40, on 18/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\ewido\security suite\ewidoctrl.exe
C:\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Nokia\PC Suite\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WordWeb\wweb32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Yahoo!\MESSEN~1\YPager.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia\PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: WordWeb.lnk = C:\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arab Bank Online Banking Service - https://www.arabi-on...inpages/ibs.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn....m/c174/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV3 - Activex Control) - http://support.fujit...api/activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\Software\..\Telephony: DomainName = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CCS\Services\Tcpip\..\{57C1FE75-13BB-45EE-B4DD-F193588F99B1}: NameServer = 192.168.1.3,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = THYSSENKRUPPELEVATOR.JO
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I dont think so that there are ne more virus remaining now. ;)

However the log of Panda is not there. Since I ran the cleaner but it didnt give me ne option for log file. ALso it didnt find ne virus. It ran clean.


Thx for ur :tazz:

maxkool
  • 0

#6
Kristy
Posted 18 July 2005 - 12:25 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello maxkool,

Congratulations! Your log is clean!

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

~Kristy :tazz:
  • 0

#7
maxkool
Posted 19 July 2005 - 12:32 AM

maxkool

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello Kristy,

Thanks for ur help. :tazz:

I hav symantec antivirus running online. Within a few days Spy-Doctor will also be installed on my PC. Other than that, I have Microsoft Spyware and Yahoo Spy ware installed.

I dont use IE for most of my browsing. I use Netscape. ;)

It was nice to know that my PC is now free and clean.

Thanks

maxkool
  • 0

#8
Kristy
Posted 19 July 2005 - 12:41 AM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP