Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ABI & Nail, etc... [RESOLVED]


  • This topic is locked This topic is locked

#1
elemes

elemes

    Member

  • Member
  • PipPip
  • 10 posts
I have nailfix. Here's the HJT:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:27 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\windows\system32\pkwxfd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HJT_and_more_1\HJT and more 1\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...art.cgi?np-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ldrwta.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteutt32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\IEDriver\TD.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\IEDriver\TD.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\system32\mscgdc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Greatly appreciate the assistance.
  • 0

Advertisements


#2
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We'll use some clean-up tools first - if you already have any of these and you are sure they are the latest version then just skip and move on to the next one.

Click here to download CWShredder. Check for an update then run it, hit 'fix' as opposed to 'scan only'. Reboot when done.

Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file.
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Reboot when done.

Click here to download Microsoft AntiSpyware Beta, check for updates and run it. Reboot when done.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Once the updates are installed, reboot into Safe Mode by tapping F8 after the BIOS has loaded, then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
  • 0

#3
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:38:19 PM, 8/5/2005
+ Report-Checksum: D245813

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-21-516116760-3179742922-2167395947-1006\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-516116760-3179742922-2167395947-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A00C40B-DA85-4AA3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
[748] VM_00FB0000 -> Adware.BetterInternet : Error during cleaning
:mozilla.10:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.430:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.509:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Lisa Stanley\Application Data\Mozilla\Firefox\Profiles\n8yiper3.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lisa Stanley\Cookies\lisa stanley@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Lisa Stanley\Cookies\lisa stanley@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lisa Stanley\Cookies\lisa stanley@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Lisa Stanley\Local Settings\Temp\38.tmp\thnall1ac.exe -> Adware.BetterInternet : Error during cleaning
C:\Documents and Settings\Lisa Stanley\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F824487D-1907-4DA7-831B-E26F90\EC699C98-CA80-4F0C-BBB6-618375 -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP392\A0090722.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP392\A0090723.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP392\A0090800.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP392\A0090867.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP392\A0090869.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP393\A0090884.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP394\A0090915.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP395\A0090924.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP395\A0090935.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP395\A0090936.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP397\A0090978.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP397\A0090984.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP397\A0090990.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0091008.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0091018.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0091019.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0091023.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0092018.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0092019.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0092027.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP398\A0092031.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP399\A0092032.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP400\A0092041.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP400\A0092047.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP401\A0092051.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP402\A0092069.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP402\A0092070.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP402\A0092075.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092076.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092081.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092095.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092102.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092112.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092113.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP403\A0092117.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP404\A0092142.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP404\A0092147.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP404\A0092178.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP405\A0092226.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP405\A0092229.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP405\A0093113.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP405\A0093121.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP406\A0093123.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP407\A0093144.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP407\A0093146.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP407\A0093156.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP407\A0093157.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP407\A0093161.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093169.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093185.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093187.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093193.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093200.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093201.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093203.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093222.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093223.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093227.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP408\A0093234.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP409\A0093240.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP410\A0093265.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP410\A0093291.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP410\A0093292.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP411\A0094291.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094350.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094351.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094352.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094353.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094354.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094355.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094357.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094362.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094367.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094369.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094385.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP413\A0094386.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP417\A0094451.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP417\A0095462.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP417\A0095474.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP417\A0095475.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095516.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095518.exe -> Spyware.SmartPops : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095519.dll -> Spyware.SmartPops : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095526.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095527.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095529.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095531.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095532.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095539.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095540.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095547.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095551.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095552.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095553.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP418\A0095564.dll -> Spyware.ClientMan : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095574.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095575.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095576.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095584.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095594.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095595.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095596.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095601.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP419\A0095606.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\gohbsxv.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BKGDAQZ\silent_setup[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitealp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteamj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteamp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteart32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteaul32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebdm32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebrd32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebsr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebym32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitecdx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitecop32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitecwy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedbz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedfg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedfm32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitednf32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitednl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteduh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitedzy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteeei32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteegx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteetu32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitefjx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitefpl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteftb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitefyo32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegdy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegjo32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegov32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegsb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehwl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteibz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteicr32.exe -> Spyware.Hijacker.Generic :
  • 0

#4
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
and

Logfile of HijackThis v1.99.1
Scan saved at 11:55:49 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteutt32.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#5
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please print these instructions.

First of all, please open ewido and disable Realtime Protection then, open Spybot S&D, click Mode>Advanced>Tools>Resident and remove the check from the Tea Timer box. We don't want them interfering with what we need to do. Reboot when done.

Click here to download the PeperFix tool, save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted.

Click here to download LQfix batch by miekiemoes. Extract it from the zip file to your desktop but do NOT run it yet.

Download Atribune's dsrfix from here. Extract it from the zip file to your desktop - the program creates and names the new folder to house the files.

Next, close Internet Explorer and open the new dsrfix folder. Double click on the dsrfix batch file( the one with the little gear in it ). Once dsrfix has completed it will close on its own

Reboot into safe mode by tapping F8 after the BIOS has loaded. Then doubleclick LQfix.bat. When finished, restart your computer in Normal Mode.

Rescan with HJT and post a new log here.
  • 0

#6
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:44:36 AM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteutt32.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Realtime protection in ewido is disabled. Resident is unchecked in Spybot but I didn't see an option to deselect Tea Timer.

Thanks again.
  • 0

#7
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
See the screenshot - disable teatimer, reboot and repeat my last post.ssd3.jpg
  • 0

#8
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:09:50 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HijackThis.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#9
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
ewido guard is still enabled - please disable it.

Click here to download the PeperFix tool, save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted.

Post a new HJT log when done.
  • 0

#10
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok, guard disabled. Each time I've run the Peperfix tool it tells me there's nothing to fix and doesn't prompt me to reboot.

Logfile of HijackThis v1.99.1
Scan saved at 3:21:54 AM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#11
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
That's OK - it means the infecting files are no longer there. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Doub.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [fcans32m] C:\WINDOWS\System32\fcans32m.exe
O4 - HKLM\..\Run: [udiosrva] C:\WINDOWS\System32\udiosrva.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vglrka.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [lnsplnn] c:\windows\system32\flranh.exe
O4 - HKLM\..\Run: [nzmcqkv] c:\windows\system32\pkwxfd.exe r
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msdioo.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

c:\installer\id53.exe
C:\WINDOWS\System32\fcans32m.exe
C:\WINDOWS\System32\udiosrva.exe
C:\WINDOWS\system32\Vglrka.exe
C:\WINDOWS\system32\exp
c:\windows\system32\flranh.exe
c:\windows\system32\pkwxfd.exe
C:\WINDOWS\System32\automove.exe
C:\WINDOWS\system32\msdioo.exe
C:\WINDOWS\system32\wintask.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0

#12
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
In safe mode, none of those files were found.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:54 AM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lisa Stanley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforc...XClientUtil.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094562759449
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsne...install-win.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Again, thanks.
  • 0

#13
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
It's looking a lot better now - do you recognise this address:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/se...L?zone=enternet


If not, fix it with HJT.

How is it running now?
  • 0

#14
elemes

elemes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I don't recognize that address and will fix it with HJT. Other than some mediocre slowness during start-up, it's good to go.
  • 0

#15
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You happy I close your topic then?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP