Panda still picked up some spyware it could not disinfect. All requested logs are posted below.
Oh yes and ABK is a program called Anti-Boss Key.
Logfile of HijackThis v1.99.1
Scan saved at 11:47:23 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\ISP50\bin\bartshel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ABK\abk.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://start.earthlink.net/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yahoo.sbc.com/dslR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ABK] C:\Program Files\ABK\abk.exe /q
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cabO16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -
http://site.ebrary.c...s/ebraryRdr.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cabO16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} -
http://www.gigex.com.../gigexagent.dllO16 - DPF: {72FF22A1-8BF1-11D5-9A3D-000021506A27} (ShClass Class) -
http://216.226.129.108/short.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cabO16 - DPF: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
http://www.icq.com/c...ar/toolbaru.cabO16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
http://chat.yahoo.com/cab/yuplapp.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
http://fdl.msn.com/z...s/heartbeat.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo....plorer1_9us.cabO16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) -
http://chat.yahoo.com/cab/yvwrctl.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) -
http://us.dl1.yimg.c...bio4_0_2_10.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
http://pv3fd.pav3.ho...ex/HMAtchmt.ocxO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cabO16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -
http://www29.compaq....co/SysQuery.cabO23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Incident Status Location
Spyware:spyware/betterinet No disinfected C:\WINDOWS\SYSTEM32\in10b6s.dll
Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:adware/searchaid No disinfected C:\DOCUMENTS AND SETTINGS\STORM46\FAVORITES\Search the Web.url
Adware:adware/imgiant No disinfected C:\DOCUMENTS AND SETTINGS\STORM46\DESKTOP\Download Movies.url
Dialer:dialer generic No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\dialer.exe
Adware:adware/funweb No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.5.inf
Adware:adware/sahagent No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sporder_.dll
Adware:adware/keenvalue No disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/comet No disinfected C:\WINDOWS\INF\dm.inf
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MedCh
Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Intrigue Learning
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Spyware:spyware/cydoor No disinfected C:\WINDOWS\SYSTEM\AdCache
Adware:adware/mywebsearch No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\WINDOWS\SYSTEM32\in10b6s.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\xmltok.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl.disabled
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL2.DLL
Dialer:Dialer.Gen No disinfected C:\WINDOWS\Downloaded Program Files\webcam.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.5.inf
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Adware:Adware/BrowserAid No disinfected C:\Documents and Settings.000\Owner\Local Settings\Temp\_PS_INST.EXE[rundll16.exe]
Adware:Adware/BrowserAid No disinfected C:\Documents and Settings.000\Owner\Local Settings\Temp\_PS_INST.EXE[rundll16.dll]
Adware:Adware/PortalScan No disinfected C:\Documents and Settings.000\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABI123\fsc2k[1].htm
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\OPTIMIZE.EXE
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\bundleinstall.exe
Adware:Adware/BrowserAid No disinfected C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE
Adware:Adware/BrowserAid No disinfected C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE[msiefr40.dll]
Adware:Adware/BrowserAid No disinfected C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE[install.dll]
Adware:Adware/FunWeb No disinfected C:\Hijackthis\backups\backup-20050802-030155-721.inf
Adware:Adware/KeenValue No disinfected I:\WINDOWS\SYSTEM32\in10b6s.dll
Adware:Adware/SAHAgent No disinfected I:\WINDOWS\SYSTEM32\xmltok.dll
Adware:Adware/P2PNetworking No disinfected I:\WINDOWS\SYSTEM32\P2P Networking v124.cpl.disabled
Adware:Adware/P2PNetworking No disinfected I:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL2.DLL
Dialer:Dialer.Gen No disinfected I:\WINDOWS\TEMP\nsiE7.exe
Dialer:Dialer.Gen No disinfected I:\WINDOWS\TEMP\nsiB9.exe
Dialer:Dialer.Gen No disinfected I:\WINDOWS\TEMP\nsi125.exe
Dialer:Dialer.Gen No disinfected I:\WINDOWS\TEMP\nsi13F.exe
Dialer:Dialer.Gen No disinfected I:\WINDOWS\TEMP\nsi128.exe
Adware:Adware/IESearchBar No disinfected I:\WINDOWS\TEMP\temp.cab[stoolbar.dll]
Adware:Adware/MSView No disinfected I:\WINDOWS\TEMP\msiein\CAB37729.8103454861\MSView.inf
Dialer:Dialer.Gen No disinfected I:\WINDOWS\Downloaded Program Files\webcam.exe
Adware:Adware/FunWeb No disinfected I:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.5.inf
Adware:Adware/SAHAgent No disinfected I:\WINDOWS\Downloaded Program Files\xmltok_.dll
Spyware:Spyware/New.net No disinfected I:\WINDOWS\NDNuninstall4_88.exe
Adware:Adware/FunWeb No disinfected I:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
Adware:Adware/FunWeb No disinfected I:\Program Files\FunWebProducts\Installr\f3Setup1.exe
Adware:Adware/FunWeb No disinfected I:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
Adware:Adware/MyWebSearch No disinfected I:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
Adware:Adware/TVMedia No disinfected I:\Documents and Settings\LTRAIN69\Local Settings\Temp\Tvm.upd
Adware:Adware/BrowserAid No disinfected I:\Documents and Settings.000\Owner\Local Settings\Temp\_PS_INST.EXE[rundll16.exe]
Adware:Adware/BrowserAid No disinfected I:\Documents and Settings.000\Owner\Local Settings\Temp\_PS_INST.EXE[rundll16.dll]
Adware:Adware/PortalScan No disinfected I:\Documents and Settings.000\Owner\Local Settings\Temporary Internet Files\Content.IE5\89ABI123\fsc2k[1].htm
Spyware:Spyware/Dyfuca No disinfected I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\OPTIMIZE.EXE
Spyware:Spyware/BargainBuddy No disinfected I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\bundleinstall.exe
Adware:Adware/BrowserAid No disinfected I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE
Adware:Adware/BrowserAid No disinfected I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE[msiefr40.dll]
Adware:Adware/BrowserAid No disinfected I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\_PS_INST.EXE[install.dll]
smitRem log file
version 2.3
by noahdfear
The current date is: Tue 08/02/2005
The current time is: 13:38:51.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ShudderLTD key present! Running LTDFix!
ShudderLTD key was successfully removed!
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
quick launch PSGuard spyware remover.lnk
~~~ Favorites ~~~
cars
sexual life
shopping
job search.url
poker.url
Black Jack Online.url
Black Jack Online.url
Home Loan.url
Network Security.url
Online Pharmacy.url
Remove Spyware.url
Spam Filters.url
Take It Here - Free * TGP.url
Web Detective.url
Online Gambling folder
~~~ system32 folder ~~~
intell32.exe
oleext.dll
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles
~~~ Icons in System32 ~~~
viagra
~~~ Windows directory ~~~
sites.ini
popuper.exe
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
shopping
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:16:47 PM, 8/2/2005
+ Report-Checksum: ED415580
+ Scan result:
C:\WINDOWS\SYSTEM32\EGDHTML_1023.dll -> TrojanDownloader.Wintrim.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\Amcis2.dll -> Spyware.Aureate : Cleaned with backup
C:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\celebxx2.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\WINDOWS\PCTPTT.EXE -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\clipg.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\dr_uninstall.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Match It\Amcis2.dll -> Spyware.Aureate : Cleaned with backup
C:\Program Files\Match It\IPCClient.dll -> Spyware.Aureate : Cleaned with backup
C:\Program Files\Uninstall My Web Search.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\cpmenu.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings.000\Owner\Cookies\owner@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings.000\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\Cookies\ltrain69@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\LYCOS_SS.EXE -> Spyware.Sidesearch.a : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[4].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@oxcash[1].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
I:\WINDOWS\SYSTEM32\IPCClient.dll -> Spyware.Aureate : Cleaned with backup
I:\WINDOWS\SYSTEM32\EGDHTML_1023.dll -> TrojanDownloader.Wintrim.h : Cleaned with backup
I:\WINDOWS\SYSTEM32\Amcis2.dll -> Spyware.Aureate : Cleaned with backup
I:\WINDOWS\SYSTEM32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
I:\WINDOWS\SYSTEM32\sahagent1013.exe -> Adware.SAHA : Cleaned with backup
I:\WINDOWS\Downloaded Program Files\celebxx2.exe -> Dialer.Generic : Cleaned with backup
I:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
I:\WINDOWS\PCTPTT.EXE -> Dialer.Generic : Cleaned with backup
I:\WINDOWS\newdotnet3_36.dll -> Spyware.NewDotNet : Cleaned with backup
I:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
I:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
I:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
I:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
I:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
I:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
I:\WINDOWS\clipg.exe -> Trojan.Imiserv.c : Cleaned with backup
I:\WINDOWS\salmbundle.exe -> Trojan.Imiserv.c : Cleaned with backup
I:\WINDOWS\dr_uninstall.exe -> Trojan.Imiserv.c : Cleaned with backup
I:\Program Files\Netscape\Communicator\Program\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
I:\Program Files\Match It\Amcis2.dll -> Spyware.Aureate : Cleaned with backup
I:\Program Files\Match It\IPCClient.dll -> Spyware.Aureate : Cleaned with backup
I:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
I:\Program Files\MySearch\bar\1.bin\S42NS.EXE -> Spyware.MyWay : Cleaned with backup
I:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE -> Spyware.MyWebSearch : Cleaned with backup
I:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL -> Spyware.MyWebSearch : Cleaned with backup
I:\cpmenu.exe -> Dialer.Generic : Cleaned with backup
I:\Documents and Settings\storm46\Local Settings\Temp\H4.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\storm46\Local Settings\Temp\7RJnqMjW.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\storm46\Cookies\storm46@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
I:\Documents and Settings\storm46\Cookies\
[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
I:\Documents and Settings\storm46\Cookies\
[email protected][2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
I:\Documents and Settings\storm46\Cookies\
[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
I:\Documents and Settings\storm46\Cookies\storm46@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
I:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Local Settings\Temp\6AaTem.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\ltrain69@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiancjefpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\ltrain69@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\ltrain69@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
I:\Documents and Settings\LTRAIN69\Cookies\ltrain69@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\LoDbqsa.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\LR01UW2.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\8T8l.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\mynut2.exe/enhupdt.exe -> TrojanDownloader.OneClickNetSearch.h : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\0GY.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\SWEETIE\Local Settings\Temp\w2RL2zB0z.dll -> Adware.MidADle : Cleaned with backup
I:\Documents and Settings\SWEETIE\Cookies\
[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
I:\Documents and Settings\SWEETIE\Cookies\sweetie@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
I:\Documents and Settings\SWEETIE\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
I:\Documents and Settings\SWEETIE\Cookies\sweetie@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
I:\Documents and Settings\SWEETIE\Cookies\sweetie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
I:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
I:\Documents and Settings.000\Owner\Cookies\owner@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
I:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
I:\Documents and Settings.000\Owner\Cookies\
[email protected][1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
I:\Documents and Settings.000\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\Cookies\ltrain69@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Local Settings\Temp\LYCOS_SS.EXE -> Spyware.Sidesearch.a : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[4].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\ltrain69@oxcash[1].txt -> Spyware.Cookie.Oxcash : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
I:\Documents and Settings.000\LTRAIN69\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
::Report End
Edited by justsumguru, 02 August 2005 - 10:59 PM.