Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP with Aurora ABI Network [RESOLVED]


  • This topic is locked This topic is locked

#1
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Member
  • PipPip
  • 12 posts
Hi...I used to think I was somewhat computer literate - most of the times I could find and fix problems. But right now I have 2.

1. 180 Search Assistant
2. Aurora Pop-Ups

If there is anyone who can help me that would be great. Do I need to download the HijackThis software I keep reading about?

THANKS!
  • 0

Advertisements


#2
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Hello and welcome to Geeks To Go.

Please read this post and follow the instructions there.

In order to get a better idea of whats happening with your computer:
  • Please download the latest version of HiJackThis from either Site 1 or Site 2
  • Copy it into its own folder, doubleclick HijackThis.exe, and hit "Do a system scan and save a logfile"
  • When the scan is finished, it will ask you to save the log. Just save it anywhere that you will remember like your desktop.
  • After you save it, the log will open in notepad. In notepad, press Ctrl-A to Select All, and copy its contents in a reply to this post.
  • Most of what it lists will be harmless or even essential
  • Don't Fix Anything Yet
Good Luck

ScHwErV :tazz:
  • 0

#3
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, I ran through all of the steps and installations and cleaners. Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 4:55:30 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\WINDOWS\system32\midmeui.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinMX\WinMX.exe
C:\WINDOWS\system32\untgraph.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\KRISTINA BROOKS\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O2 - BHO: Var2Helper Class - {7412C042-43B8-4F63-AEF3-E786DFAD1484} - C:\WINDOWS\system32\imwire28.dll
O2 - BHO: ohb Class - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf1.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IMwire] C:\WINDOWS\system32\imwireup.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Crgyn] C:\Program Files\Ieizvjp\Zasxbr.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r34T33i] midmeui.exe
O4 - HKLM\..\Run: [q89p1hq2] C:\WINDOWS\system32\q89p1hq2.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [urhwcu] c:\windows\system32\bpurbui.exe r
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [a0v3RTGqS] untgraph.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...04/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.c...lient/setup.exe
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsour...D_1.0.0.3ie.cab?
O18 - Protocol: SafeAuthenticate - {8125919B-9BE9-4213-A1D6-75188A22D21E} - C:\WINDOWS\MVNFILT3.DLL
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I've also gotten a message from Mcaffee 4 times in an hour that says I have a trojan virus is c:\windows\system32\tqmzxee.exe and that it is a Downloader ABS trojan. When I try to delete it, it says there was a problem encountered and that it cannot be cleaned, deleted or quarantined and that Mcaffee recommends a restart with a rescue disk....Now I'm really worried....Pleassse Help ME!!
  • 0

#4
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Lets not worry about McAfee right yet. I dont trust it on a clean machine, so I wouldnt want you to let it do anything to hinder what we will do here. If it gives you a problem during this fix, just disable it for now.

First:
Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Now run HijackThis, click Scan, and place a checkmark next to each of the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [urhwcu] C:\windows\system32\bpurbui.exe r

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.
NOTE: The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\bpurbui.exe (or whatever the name may have changed to, as noted above).

Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan by using Add Reply
  • 0

#5
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, I finally had the chance to run through all of the steps you lined out for me. First the Ewido scan file:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:51:45 AM, 7/31/2005
+ Report-Checksum: FD556909

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Admilli Service -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6024FCD5-91FC-4DC7-8481-63EABD5051D8} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4776F3A-6936-4A9C-B2DA-E57C239FD2F8} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF81672F-13FF-401F-8662-6E895C564CC4} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CLSID -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CurVer -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CLSID -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CurVer -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CLSID -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CurVer -> Spyware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{17973BD7-959C-4D8A-8B2F-AB200E20A75E} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{42F58F60-9299-4564-9ABD-8E9324844560} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{696D1AF8-D0FF-42FD-BD8D-D0B20D64F508} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6FE4AADF-EDAC-4037-9164-0B60179A4F12} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8FC08358-3634-44C7-A8F2-96DC7F39ACD2} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A797A41D-F9F0-4A32-B9B5-AF927CB5AE54} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A93B84C6-5278-473A-8027-F6304A291A7A} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B12508AD-CA55-4238-8DB3-55808BA6915A} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BF7CB2C3-55B6-44C1-9615-920D004C27F7} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DE53FA5D-11CC-4CB5-8D8E-EB5AA59C1E5A} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E38924F7-F290-4C13-BEEC-E8C587F58128} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F912C325-5B26-4AD6-BF39-84370833E972} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FA82A7EC-2AFC-4EE0-8F83-3229F7C6437E} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{64440E59-A0DD-421C-AA4B-268141D764BB} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F0F4C299-735E-4EAC-B2F9-F97324D5CC1D} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\UDConn.UDConnect -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\UDConn.UDConnect\CLSID -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\UDConn.UDConnect\CurVer -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\aaa_soft -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\aaa_soft\kkkk -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\aaa_soft\pppp -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\aaa_soft\ssss -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\_dsktptr -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\_dsktptr\eeennn -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\_dsktptr\kkws -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\_dsktptr\ppops -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-2285574321-3718698027-605157428-1005\Software\_dsktptr\ssites -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D568F0F-8AC9-40AB-88B7-415134C78777} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7412C042-43B8-4F63-AEF3-E786DFAD1484} -> Spyware.SafeSurfing : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.459:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.460:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.584:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.586:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Kristina Brooks\Application Data\Mozilla\Firefox\Profiles\t58fsmxr.Kristina\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Kristina Brooks�
  • 0

#6
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Ill need a fresh HiJackThis log to continue.

ScHwErV :tazz:
  • 0

#7
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm sorry, I thought I had posted the HJT, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:31 AM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinMX\WinMX.exe
C:\WINDOWS\system32\untgraph.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kristina Brooks\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IMwire] C:\WINDOWS\system32\imwireup.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Crgyn] C:\Program Files\Ieizvjp\Zasxbr.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r34T33i] midmeui.exe
O4 - HKLM\..\Run: [q89p1hq2] C:\WINDOWS\system32\q89p1hq2.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [a0v3RTGqS] untgraph.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...04/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsour...D_1.0.0.3ie.cab?
O18 - Protocol: SafeAuthenticate - {8125919B-9BE9-4213-A1D6-75188A22D21E} - C:\WINDOWS\MVNFILT3.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0

#8
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Lets go after this again. It looks as though the aurora infection is gone, now we need to start on the rest of your infections.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [IMwire] C:\WINDOWS\system32\imwireup.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Crgyn] C:\Program Files\Ieizvjp\Zasxbr.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r34T33i] midmeui.exe
O4 - HKLM\..\Run: [q89p1hq2] C:\WINDOWS\system32\q89p1hq2.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [a0v3RTGqS] untgraph.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsour...D_1.0.0.3ie.cab?

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Media Access
NetRatingsNetmeter
Privacy Champion
AutoUpdate
ISRVS
WindowsSA

Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\WINDOWS\isrvs\
C:\Program Files\WindowsSA\
C:\Program Files\Ieizvjp\
C:\Program Files\Media Access\
C:\Program Files\NetRatingsNetmeter\NetMeter\
C:\Program Files\Privacy Champion\
C:\Program Files\AutoUpdate\

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\conscorr.exe
C:\WINDOWS\system32\imwireup.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\system32\midmeui.exe
C:\WINDOWS\system32\q89p1hq2.exe
C:\WINDOWS\dinst.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\system32\untgraph.exe

After that, Reboot.

After you reboot, let me know how things are running and how things went with the fix. Also, I will need 2 logs from HiJackThis (HJT). The first one is the normal one that you have been getting me, then I need an uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

ScHwErV :tazz:
  • 0

#9
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Things are running much smoother so far...I should really know by tomorrow. Regarding the delets, under HJT I did not delete the "run winmx" or "run limewire" as those are two of my programs. Also most of the other items you told me to look for were not there (I'm guessing that's good...). Now, under the Add/Remove Hardware, a lot of them said "An error occured while try tin remove XXXXXXX. It may have already been uninstalled. Would you like to remove from list?" I guessed OK was the correct one, so that is what I selected. However, one of those that did that was "Select Cash Back" which I was unfamiliar with, and another one that I was unfamiliar with is "WebSavings from Ebates". When I clicked "remove" it said Error: Could not execute Main : The system cannot find the file specified and is still listed in that menu.

Here is the HJT logfile of "Uninstall"

Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Download Manager 2.0 (solo quitar)
Adobe Reader 7.0
Burn4Free 1.0.0.568
CCleaner (remove only)
CleanUp!
Context Display
Dope Wars 2.2 for Windows
ewido security suite
HijackThis 1.99.1
ICQ
IMwire
Indeo® software
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.2_06
KODAK Picture CD
Learn2 Player (Uninstall Only)
Lemmings Revolution
Lemonade Tycoon
Lexmark Photo Center
Lexmark Z700-P700 Series
LimeWire 4.8.1
McAfee SecurityCenter
McAfee VirusScan
Microsoft Data Access Components KB870669
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft Works 6.0
Mozilla Firefox (1.0.6)
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
PowerDVD
PureVoice
QuickTime
RealPlayer
Realtek AC'97 Audio
RON Display
SBC Self Support Tool
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SBC Yahoo! Messenger Explorer Bar
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy 1.3
Student ExplorIt -- AM
The Sims Makin' Magic
Trailer Park Tycoon
TSA
Update for Windows XP (KB898461)
Viewpoint Media Player
Visual IP InSight(SBC)
Web Savings from Ebates
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
Yahoo! extras
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

and here is my HJT logfile of my system scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:16:58 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinMX\WinMX.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kristina Brooks\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...04/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: SafeAuthenticate - {8125919B-9BE9-4213-A1D6-75188A22D21E} - C:\WINDOWS\MVNFILT3.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Once again, thank you!
  • 0

#10
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Clean log! Things should be running quite a bit better.

For information on your p2p programs, check out this link.

http://www.spywarein...m/articles/p2p/

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

ScHwErV :tazz:
  • 0

Advertisements


#11
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I can't thank you enough for your help. I'm sorry that I can't donate to you right now, but I will be more than happy to once I have a paycheck in the bank. This site offers an invaluable service that everyone should support. Thank you for all of your help and for walking me through this step by step. I will start to download those recommended spyware fighters. Thank you thank you thank you thank you so much!

Kristina
  • 0

#12
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Your thanks is what I am here for, the donation is just a bonus kinda thing.

I will close this thread now as resolved, but if you need anything in the future, just send me a PM and well get you running again.

ScHwErV :tazz:
  • 0

#13
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
reopened
  • 0

#14
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Topic re-opened at users request.

Please post back here and let me know your newest symptoms and post a fresh HiJackThis log.

ScHwErV :tazz:
  • 0

#15
kbrooksatdublin.com

kbrooksatdublin.com

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok...newest problem...When we use media player to burn a disc, the same playlist burns no matter what. We have tried changing the playlist, burning it under "New playlist" and burning it under "New burn list". No matter what, it keeps burning the same 17 songs. I don't know what to do....HELP PLEASE

:tazz: Kris ;)

My most recent HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:17:53 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kristina Brooks\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0409&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...04/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-17.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: SafeAuthenticate - {8125919B-9BE9-4213-A1D6-75188A22D21E} - C:\WINDOWS\MVNFILT3.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP